The Session object is an abstraction over an HTTP session. It models the period of information exchange between a user and the server. Sessions are created when a user successfully goes through the sign in or sign up flows.
List all sessions
Returns a list of all sessions.
The sessions are returned sorted by creation date, with the newest sessions appearing first.
Deprecation Notice (2024-01-01): All parameters were initially considered optional, however
moving forward at least one of client_id or user_id parameters should be provided.
query Parameters
Success
Request was not successful
Authentication invalid
Invalid request parameters
- 200
- 400
- 401
- 422
[- {
- "object": "session",
- "id": "string",
- "user_id": "string",
- "client_id": "string",
- "actor": { },
- "status": "active",
- "last_active_organization_id": "string",
- "last_active_at": 0,
- "latest_activity": {
- "object": "string",
- "id": "string",
- "device_type": "string",
- "is_mobile": true,
- "browser_name": "string",
- "browser_version": "string",
- "ip_address": "string",
- "city": "string",
- "country": "string"
}, - "expire_at": 0,
- "abandon_at": 0,
- "updated_at": 0,
- "created_at": 0
}
]Create a new active session
Create a new active session for the provided user ID.
This operation is intended only for use in testing, and is not available for production instances. If you are looking to generate a user session from the backend, we recommend using the Sign-in Tokens resource instead.
Success
Request was not successful
Authentication invalid
Request was not successful
Invalid request parameters
- Payload
{- "user_id": "string"
}- 200
- 400
- 401
- 404
- 422
{- "object": "session",
- "id": "string",
- "user_id": "string",
- "client_id": "string",
- "actor": { },
- "status": "active",
- "last_active_organization_id": "string",
- "last_active_at": 0,
- "latest_activity": {
- "object": "string",
- "id": "string",
- "device_type": "string",
- "is_mobile": true,
- "browser_name": "string",
- "browser_version": "string",
- "ip_address": "string",
- "city": "string",
- "country": "string"
}, - "expire_at": 0,
- "abandon_at": 0,
- "updated_at": 0,
- "created_at": 0
}Retrieve a session
Retrieve the details of a session
Success
Request was not successful
Authentication invalid
Resource not found
- 200
- 400
- 401
- 404
{- "object": "session",
- "id": "string",
- "user_id": "string",
- "client_id": "string",
- "actor": { },
- "status": "active",
- "last_active_organization_id": "string",
- "last_active_at": 0,
- "latest_activity": {
- "object": "string",
- "id": "string",
- "device_type": "string",
- "is_mobile": true,
- "browser_name": "string",
- "browser_version": "string",
- "ip_address": "string",
- "city": "string",
- "country": "string"
}, - "expire_at": 0,
- "abandon_at": 0,
- "updated_at": 0,
- "created_at": 0
}Refresh a session
Refreshes a session by creating a new session token. A 401 is returned when there are validation errors, which signals the SDKs to fallback to the handshake flow.
Request Body schema: application/json
Refresh session parameters
Success
Request was not successful
Authentication invalid
- Payload
{- "expired_token": "string",
- "refresh_token": "string",
- "request_origin": "string",
- "request_headers": { },
- "format": "token",
- "request_originating_ip": "string"
}- 200
- 400
- 401
{- "object": "token",
- "jwt": "string"
}Revoke a session
Sets the status of a session as "revoked", which is an unauthenticated state. In multi-session mode, a revoked session will still be returned along with its client object, however the user will need to sign in again.
Success
Request was not successful
Authentication invalid
Resource not found
- 200
- 400
- 401
- 404
{- "object": "session",
- "id": "string",
- "user_id": "string",
- "client_id": "string",
- "actor": { },
- "status": "active",
- "last_active_organization_id": "string",
- "last_active_at": 0,
- "latest_activity": {
- "object": "string",
- "id": "string",
- "device_type": "string",
- "is_mobile": true,
- "browser_name": "string",
- "browser_version": "string",
- "ip_address": "string",
- "city": "string",
- "country": "string"
}, - "expire_at": 0,
- "abandon_at": 0,
- "updated_at": 0,
- "created_at": 0
}Verify a sessionDeprecated
Returns the session if it is authenticated, otherwise returns an error. WARNING: This endpoint is deprecated and will be removed in future versions. We strongly recommend switching to networkless verification using short-lived session tokens, which is implemented transparently in all recent SDK versions (e.g. NodeJS SDK). For more details on how networkless verification works, refer to our Session Tokens documentation.
Success
Request was not successful
Authentication invalid
Resource not found
The endpoint is considered deprecated and is pending removal.
- Payload
{- "token": "string"
}- 200
- 400
- 401
- 404
- 410
{- "object": "session",
- "id": "string",
- "user_id": "string",
- "client_id": "string",
- "actor": { },
- "status": "active",
- "last_active_organization_id": "string",
- "last_active_at": 0,
- "latest_activity": {
- "object": "string",
- "id": "string",
- "device_type": "string",
- "is_mobile": true,
- "browser_name": "string",
- "browser_version": "string",
- "ip_address": "string",
- "city": "string",
- "country": "string"
}, - "expire_at": 0,
- "abandon_at": 0,
- "updated_at": 0,
- "created_at": 0
}Create a session token
Creates a session JSON Web Token (JWT) based on a session.
OK
Authentication invalid
Resource not found
- Payload
{- "expires_in_seconds": 30
}- 200
- 401
- 404
{- "object": "token",
- "jwt": "string"
}Create a session token from a jwt template
Creates a JSON Web Token(JWT) based on a session and a JWT Template name defined for your instance
path Parameters
Request Body schema: application/json
OK
Authentication invalid
Resource not found
- Payload
{- "expires_in_seconds": 30
}- 200
- 401
- 404
{- "object": "token",
- "jwt": "string"
}