Sessions (Admin) โ
Operator view of every user's active sessions. The user-facing equivalent โ list/revoke your own sessions โ lives at Self โบ Sessions.
Scopes โ
| Scope | Reach |
|---|---|
admin | Listing, reading, deleting sessions. |
admin:read | Reading the session filter metadata. |
The split is intentional โ admin:read lets observability/UI roles render filter pickers without granting full session manipulation.
Endpoints โ
List Sessions โ
GET /api/admin/sessions/
Returns a page of session records spanning every user.
Required scope: admin ยท also accepts API key
Query parameters โ standard pagination set; see Conventions โบ Pagination. Defaults: sort_by=created, sort_order=desc. (No hydrate flag on this resource.)
Response 200 โ SessionInDbCursorPage
Get Session Filter Metadata โ
GET /api/admin/sessions/filters
Returns filter/operator/sort options for List Sessions.
Required scope: admin:read
Response 200 โ open metadata object.
Get Session by ID โ
GET /api/admin/sessions/{id}
Returns a single session record.
Required scope: admin ยท also accepts API key
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
id | string | yes | Session ID. |
Response 200 โ SessionRead
Delete Session by ID โ
DELETE /api/admin/sessions/{id}
Force-revokes a session โ the affected user is immediately signed out of that session.
Required scope: admin
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
id | string | yes | Session ID. |
Response 204 โ empty.
TIP
Force-revocation is the right tool when a user reports a compromised device or when post-employment offboarding requires immediately ending an account's reach. For routine "sign me out everywhere" UX, prefer the self-service DELETE /api/self/sessions/{id} flow.
See also โ
- Self โบ Get Self Sessions โ user-facing equivalent.
- Authentication โ how sessions are created in the first place.