Sessions

Download OpenAPI specification:Download

Manage sessions and refresh access tokens for silent authentication and SSO across apps. These sessions apply to any of the authentication methods implemented using a backend-to-backend integration ('Backend Authentication').

Authenticate session

Authenticates an existing session in order to obtain an access token without explicit user interaction. This enables silent authentication and single sign-on (SSO).

SecurityOAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
resource
string

Resource URI the authentication request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application.

object

Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.

org_id
string

Organization ID, used for member login in B2B scenarios

object

Client attributes

session_id
required
string

Authentication session ID returned by other backend methods.

Responses
200

Returns user tokens

post/v1/auth/session/authenticate
Request samples
application/json
{
  • "resource": "string",
  • "claims": {
    },
  • "org_id": "string",
  • "client_attributes": {
    },
  • "session_id": "string"
}
Response samples
application/json
{
  • "access_token": "string",
  • "id_token": "string",
  • "refresh_token": "string",
  • "token_type": "string",
  • "expires_in": 3600,
  • "session_id": "string"
}

Refresh access token

Exchange the refresh token returned upon successful authentication for a new access token.

SecurityOAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
refresh_token
required
string

Refresh token associated with the access token you want to refresh.

Responses
200

Returns user tokens

post/v1/auth/token/refresh
Request samples
application/json
{
  • "refresh_token": "string"
}
Response samples
application/json
{
  • "access_token": "string",
  • "id_token": "string",
  • "refresh_token": "string",
  • "token_type": "string",
  • "expires_in": 3600
}

Logout session

Logs out the user by terminating the provided session.

SecurityOAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
session_id
required
string

ID of the session to log out.

Responses
204
post/v1/auth/session/logout
Request samples
application/json
{
  • "session_id": "string"
}

Get user sessions

Retrieves all active sessions for a specified user

SecurityOAuth2: ClientAccessToken
Request
path Parameters
userId
required
string

ID of the user to retrieve active sessions for

Responses
200
get/v1/auth/users/{userId}/sessions
Request samples
Response samples
application/json
[
  • {
    }
]

Revoke sessions

Revokes all user sessions.

SecurityOAuth2: ClientAccessToken
Request
path Parameters
userId
required
string

ID of the user to terminate active sessions for

Responses
204

Sessions terminated

delete/v1/auth/users/{userId}/sessions
Request samples