Get My Active Sessions

GET https://apis.<domain>/auth/sessions

This endpoints returns all other active sessions that belong to the logged-in user. The current session can be retrieved by calling the /sessions/whoami endpoint.

Request

Query Parameters

per_page int64

Possible values: >= 1 and <= 1000

Default value: 250

Deprecated Items per Page

DEPRECATED: Please use page_token instead. This parameter will be removed in the future.

This is the number of items per page.

page int64

Deprecated Pagination Page

DEPRECATED: Please use page_token instead. This parameter will be removed in the future.

This value is currently an integer, but it is not sequential. The value is not the page number, but a reference. The next page can be any number and some numbers might return an empty list.

For example, page 2 might not follow after page 1. And even if page 3 and 5 exist, but page 4 might not exist. The first page can be retrieved by omitting this parameter. Following page pointers will be returned in the Link header.

page_size int64

Possible values: >= 1 and <= 500

Default value: 250

Page Size

This is the number of items per page to return. For details on pagination please head over to the pagination documentation.

page_token string

Possible values: >= 1

Default value: 1

Next Page Token

The next page token. For details on pagination please head over to the pagination documentation.

Header Parameters

X-Session-Token string

Set the Session Token when calling from non-browser clients. A session token has a format of MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj.

Cookie string

Set the Cookie Header. This is especially useful when calling this endpoint from a server-side application. In that scenario you must include the HTTP Cookie Header which originally was included in the request to your server.

Responses

200
400
401
default

List My Session Response

application/json

Schema
Example (from schema)

Schema

Array [

active boolean

Active state. If false the session is no longer active.

authenticated_at date-time

The Session Authentication Timestamp

When this session was authenticated at. If multi-factor authentication was used this is the time when the last factor was authenticated (e.g. the TOTP code challenge was completed).

authentication_methods object[]

authenticator_assurance_level Authenticator Assurance Level (AAL)

Possible values: [aal0, aal1, aal2, aal3]

The authenticator assurance level can be one of "aal1", "aal2", or "aal3". A higher number means that it is harder for an attacker to compromise the account.

Generally, "aal1" implies that one authentication factor was used while AAL2 implies that two factors (e.g. password + TOTP) have been used.

devices object[]

expires_at date-time

The Session Expiry

When this session expires at.

id uuidrequired

Session ID

identity object

An identity represents a (human) user.

created_at date-time

CreatedAt is a helper struct field for gobuffalo.pop.

credentials object

id uuidrequired

ID is the identity's unique identifier.

The Identity ID can not be changed and can not be chosen. This ensures future compatibility and optimization for distributed stores such as CockroachDB.

metadata_admin nullJsonRawMessagenullable

NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-

metadata_public nullJsonRawMessagenullable

NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-

organization_id uuid4nullable

recovery_addresses object[]

schema_id stringrequired

SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.

schema_url stringrequired

SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.

format: url

state An Identity's State

Possible values: [active, inactive]

The state can either be active or inactive.

state_changed_at date-time

traits identityTraitsrequired

Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in schema_url.

updated_at date-time

UpdatedAt is a helper struct field for gobuffalo.pop.

verifiable_addresses object[]

issued_at date-time

The Session Issuance Timestamp

When this session was issued at. Usually equal or close to authenticated_at.

tokenized string

Tokenized is the tokenized (e.g. JWT) version of the session.

It is only set when the tokenize query parameter was set to a valid tokenize template during calls to /session/whoami.

]

[
  {
    "active": true,
    "authenticated_at": "2024-03-30T07:38:31.807Z",
    "authentication_methods": [
      {
        "aal": "aal0",
        "completed_at": "2024-03-30T07:38:31.807Z",
        "method": "link_recovery",
        "organization": "string",
        "provider": "string"
      }
    ],
    "authenticator_assurance_level": "aal0",
    "devices": [
      {
        "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "ip_address": "string",
        "location": "string",
        "user_agent": "string"
      }
    ],
    "expires_at": "2024-03-30T07:38:31.807Z",
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "identity": {
      "created_at": "2024-03-30T07:38:31.808Z",
      "credentials": {},
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "organization_id": "string",
      "recovery_addresses": [
        {
          "created_at": "2024-03-30T07:38:31.808Z",
          "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "updated_at": "2024-03-30T07:38:31.808Z",
          "value": "string",
          "via": "string"
        }
      ],
      "schema_id": "string",
      "schema_url": "string",
      "state": "active",
      "state_changed_at": "2024-03-30T07:38:31.808Z",
      "updated_at": "2024-03-30T07:38:31.808Z",
      "verifiable_addresses": [
        {
          "created_at": "2014-01-01T23:28:56.782Z",
          "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "status": "string",
          "updated_at": "2014-01-01T23:28:56.782Z",
          "value": "string",
          "verified": true,
          "verified_at": "2024-03-30T07:38:31.808Z",
          "via": "email"
        }
      ]
    },
    "issued_at": "2024-03-30T07:38:31.808Z",
    "tokenized": "string"
  }
]

errorGeneric

application/json

Schema
Example (from schema)

Schema

error objectrequired

{
  "error": {
    "code": 404,
    "debug": "SQL field \"foo\" is not a bool.",
    "details": {},
    "id": "string",
    "message": "The resource could not be found",
    "reason": "User with ID 1234 does not exist.",
    "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
    "status": "Not Found"
  }
}

errorGeneric

application/json

Schema
Example (from schema)

Schema

error objectrequired

{
  "error": {
    "code": 404,
    "debug": "SQL field \"foo\" is not a bool.",
    "details": {},
    "id": "string",
    "message": "The resource could not be found",
    "reason": "User with ID 1234 does not exist.",
    "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
    "status": "Not Found"
  }
}

errorGeneric

application/json

Schema
Example (from schema)

Schema

error objectrequired

{
  "error": {
    "code": 404,
    "debug": "SQL field \"foo\" is not a bool.",
    "details": {},
    "id": "string",
    "message": "The resource could not be found",
    "reason": "User with ID 1234 does not exist.",
    "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
    "status": "Not Found"
  }
}

CURL

curl -L -X GET 'https://apis.<domain>/auth/sessions' \
-H 'Accept: application/json'

Get My Active Sessions

https://apis.<domain>/auth/sessions

Request​

Query Parameters

Header Parameters

Responses​

Request

Responses