# Sessions

Manage sessions and refresh access tokens for silent authentication and SSO across apps. These sessions apply to any of the authentication methods implemented using a backend-to-backend integration ('Backend Authentication').


## Servers

Sandbox environment
```
https://api.sbx.transmitsecurity.io/cis
```

Production environment (US)
```
https://api.transmitsecurity.io/cis
```

Production environment (EU)
```
https://api.eu.transmitsecurity.io/cis
```

Production environment (CA)
```
https://api.ca.transmitsecurity.io/cis
```

Production environment (AU)
```
https://api.au.transmitsecurity.io/cis
```

## Security

### bearer

Type: http
Scheme: bearer
Bearer Format: JWT

### UserAccessToken

A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated.

Type: http
Scheme: bearer
Bearer Format: JWT

### AdminAccessToken

A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps.

Type: oauth2

### ClientAccessToken

A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data at the tenant level or associated with the specific application (but not other apps in the tenant).

Type: oauth2

### OrgAdminAccessToken

A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role.

Type: oauth2

## Download OpenAPI description

[Sessions](https://developer.transmitsecurity.com/_bundle/openapi/user/backend-sessions.openapi.yaml)

## Other

### Authenticate session

 - [POST /v1/auth/session/authenticate](https://developer.transmitsecurity.com/openapi/user/backend-sessions.openapi/other/authenticatesession.md): Authenticates an existing session in order to obtain an access token without explicit user interaction. This enables silent authentication and single sign-on (SSO).

### Refresh access token

 - [POST /v1/auth/token/refresh](https://developer.transmitsecurity.com/openapi/user/backend-sessions.openapi/other/refreshbackendauthtoken.md): Exchange the refresh token returned upon successful authentication for a new access token. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Logout session

 - [POST /v1/auth/session/logout](https://developer.transmitsecurity.com/openapi/user/backend-sessions.openapi/other/logout.md): Logs out the user by terminating the provided session. Required permissions: apps:delete, [appId]:delete, sessions:delete.

### Get user sessions

 - [GET /v1/auth/users/{userId}/sessions](https://developer.transmitsecurity.com/openapi/user/backend-sessions.openapi/other/getusersessions.md): Retrieves all active sessions for a specified user. Required permissions: apps:read, [appId]:read, sessions:read.

### Revoke sessions

 - [DELETE /v1/auth/users/{userId}/sessions](https://developer.transmitsecurity.com/openapi/user/backend-sessions.openapi/other/revokeusersessions.md): Revokes all user sessions. Required permissions: apps:delete, [appId]:delete, sessions:delete.

