Sessions API
List Active Sessions
Section titled “List Active Sessions”GET /admin/projects/:projectId/sessionsAuthorization: Bearer <admin_token>Query Parameters
Section titled “Query Parameters”| Parameter | Type | Default | Description |
|---|---|---|---|
limit | number | 20 | Results per page (max 100) |
offset | number | 0 | Pagination offset |
Response
Section titled “Response”{ "sessions": [ { "id": "a1b2c3d4e5f6...", "user_id": "usr_abc123", "is_pin_session": false, "pin_id": null, "created_at": "2025-05-19T08:00:00Z", "expires_at": "2025-05-26T08:00:00Z", "revoked": false } ], "total": 1}Revoke Single Session
Section titled “Revoke Single Session”DELETE /admin/projects/:projectId/sessions/:tokenIdAuthorization: Bearer <admin_token>Response
Section titled “Response”{ "ok": true }Revoke All Sessions
Section titled “Revoke All Sessions”Revokes all non-expired refresh tokens for a project. Use for emergency access revocation.
POST /admin/projects/:projectId/sessions/revoke-allAuthorization: Bearer <admin_token>Response
Section titled “Response”{ "ok": true, "revoked": 15 }Revoke Many Sessions
Section titled “Revoke Many Sessions”Bulk revoke up to 100 sessions by ID.
POST /admin/projects/:projectId/sessions/revoke-manyAuthorization: Bearer <admin_token>Content-Type: application/jsonRequest Body
Section titled “Request Body”{ "ids": ["token_id_1", "token_id_2", "token_id_3"]}Response
Section titled “Response”{ "ok": true, "revoked": 3 }Session Lifecycle
Section titled “Session Lifecycle”Created → Active → Revoked (on use / manual / bulk) → Expired (after 7d user / 30d PIN)Sessions that are both revoked and within the 60-second grace period are still usable. After that, they’re permanently dead.