Reference / Sessions

Admin-forced revocation: sign a target user out of **all** their sessions. Requires the `sessions:revoke` permission (developer/admin surface) — an end-user access token can't reach it.

DELETE /v1/users/{id}/sessions
Secret API key operationId: admin_revoke_all

Authorization

Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.

Path parameters

  • id string<uuid> required

    User id whose sessions to revoke

Responses

200 Revoked
403 Missing sessions:revoke permission

Request

curl -X DELETE "http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/sessions" \

Try it

live request
DELETE http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/sessions

Path parameters