Sessions API
The Sessions API manages user session lifecycle and monitoring.
Quick Navigation
Overview
This module provides session management capabilities:
- List active sessions
- Revoke individual sessions
- Session monitoring
Base Path
All session endpoints are prefixed with /api/v1/sessions
Authentication
All endpoints require authentication:
Authorization: Bearer <access_token>
Sessions Flow
The Sessions API provides comprehensive session management and monitoring capabilities. Users can view all their active sessions across different devices and locations, and revoke sessions individually for security purposes.
Sessions Flow Diagram
View Flow Diagram
Sessions Flow Overview:
This flow diagram illustrates the session management workflow. It shows how users can view their active sessions, monitor session activity, and revoke sessions for security purposes.
Key Flow Components:
- Session Listing: Users can view all active sessions across different devices and locations
- Session Metadata: Each session includes IP address, user agent, device information, and timestamps
- Session Revocation: Users can revoke individual sessions to terminate access from specific devices
- Security Monitoring: Session activity is tracked for security auditing and anomaly detection
Internal Developer Notes:
- Sessions are automatically created on successful login
- Session metadata is stored in the database for audit purposes
- Revoked sessions are immediately invalidated
- Session expiration follows token expiration settings
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | / | List all active sessions |
| DELETE | /{session_id} | Revoke a specific session |
Internal Notes
- All endpoints are fully implemented
- Sessions are automatically tracked on login
- Session metadata includes IP, user agent, and timestamps
Swagger Documentation
Interactive API documentation available at: /docs#/sessions