Admin-forced revocation: sign a target user out of **all** their sessions. Requires the `sessions:revoke` permission (developer/admin surface) — an end-user access token can't reach it.
DELETE
Secret API key operationId: admin_revoke_all/v1/users/{id}/sessions Authorization
Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.
Path parameters
idstring<uuid> requiredUser id whose sessions to revoke
Responses
200 Revoked
403 Missing sessions:revoke permission
Request
curl -X DELETE "http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/sessions" \Try it
live requestDELETE
http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/sessions