Reference / Sessions

Revoke one of the current user's sessions (log out a device). Requires an end-user access token; a user can only revoke a session belonging to them (enforced by RLS + ownership check).

DELETE /v1/sessions/{id}
End-user session operationId: revoke

Authorization

Called from the browser with the publishable application id (x-application-id); the access token lives in memory.

Path parameters

  • id string<uuid> required

    Session id to revoke

Responses

200 Revoked
401 No end-user session
403 Not the caller's session
404 No such session

Request

curl -X DELETE "http://localhost:8080/v1/sessions/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f" \

Try it

live request
DELETE http://localhost:8080/v1/sessions/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f

Path parameters