Skip to content
API Reference
API Reference
Zones
Sessions

List sessions

zones.sessions.list(strzone_id, SessionListParams**kwargs) -> SessionListResponse
GET/zones/{zoneId}/sessions

Returns sessions in the specified zone. By default, returns entry sessions (app user sessions with an initiator that are roots or direct children of a root user session). Use include_nested=true to include nested sessions. Can be filtered by session type, status, and user.

ParametersExpand Collapse
zone_id: str
active: Optional[Literal["true"]]
after: Optional[str]

Cursor for forward pagination

minLength1
maxLength255
before: Optional[str]

Cursor for backward pagination

minLength1
maxLength255
expand: Optional[Union[Literal["total_count"], List[Literal["total_count"]]]]
Accepts one of the following:
Literal["total_count"]
List[Literal["total_count"]]
include_nested: Optional[Literal["true"]]

Include nested sessions. When false (default), only returns entry sessions (direct children of root user sessions). When true, returns all sessions with an initiator, including nested sessions.

limit: Optional[int]

Maximum number of items to return

minimum1
maximum100
session_type: Optional[Literal["user", "application"]]
Accepts one of the following:
"user"
"application"
status: Optional[Literal["active", "expired", "revoked"]]
Accepts one of the following:
"active"
"expired"
"revoked"
user_id: Optional[str]

Filter by user ID

ReturnsExpand Collapse
class SessionListResponse:
items: List[Session]
Accepts one of the following:
class IamUserSessionType:

User session type-specific fields

session_type: Literal["user"]
user_id: str

User ID

id: Optional[str]

Session ID

Deprecatedactive: Optional[bool]

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication: Optional[Application]

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: str

Unique identifier of the application

created_at: datetime

Entity creation timestamp

formatdate-time
dependencies_count: int

Number of resource dependencies

identifier: str

User specified identifier, unique within the zone

minLength1
maxLength2048
name: str

Human-readable name

minLength1
maxLength255
organization_id: str

Organization that owns this application

owner_type: Literal["platform", "customer"]

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: str

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: datetime

Entity update timestamp

formatdate-time
zone_id: str

Zone this application belongs to

description: Optional[str]

Human-readable description

maxLength2048
metadata: Optional[Metadata]

Entity metadata

docs_url: Optional[str]

Documentation URL

formaturi
maxLength2048
protocols: Optional[Protocols]

Protocol-specific configuration

oauth2: Optional[ProtocolsOauth2]

OAuth 2.0 protocol configuration

post_logout_redirect_uris: Optional[List[str]]

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris: Optional[List[str]]

OAuth 2.0 redirect URIs for this application

application_id: Optional[str]

Application ID that initiated this session

authenticated_at: Optional[datetime]

Date when the session was authenticated

formatdate-time
created_at: Optional[datetime]

Entity creation timestamp

formatdate-time
expires_at: Optional[datetime]

Date when session expires

formatdate-time
issuer: Optional[str]

Issuer URL from IdP

formaturi
metadata: Optional[IamUserSessionTypeMetadata]

Session metadata

name: str

Name of the initiating application or user agent

organization_id: Optional[str]

Organization that owns this session

parent_id: Optional[str]

Parent session ID for hierarchical sessions (user sessions only). When null, this is a web session - a top-level session initiated directly by a user. When set, this is a child session derived from the parent, used for token refresh or delegation. Application sessions cannot have parents.

provider_id: Optional[str]

Provider ID

session_data: Optional[Dict[str, object]]

Session claims data (ID token claims for users, application claims for applications)

status: Optional[Literal["active", "expired", "revoked"]]
Accepts one of the following:
"active"
"expired"
"revoked"
subject: Optional[str]

Subject claim from IdP

updated_at: Optional[datetime]

Entity update timestamp

formatdate-time
Deprecateduser: Optional[User]

An authenticated user entity

id: str

Unique identifier of the user

created_at: datetime

Entity creation timestamp

formatdate-time
email: str

Email address of the user

formatemail
email_verified: bool

Whether the email address has been verified

organization_id: str

Organization that owns this user

updated_at: datetime

Entity update timestamp

formatdate-time
zone_id: str

Zone this user belongs to

authenticated_at: Optional[str]

Date when the user was last authenticated

issuer: Optional[str]

Issuer identifier of the identity provider

provider_id: Optional[str]

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

subject: Optional[str]

Subject identifier from the identity provider

Deprecateduser_agent: Optional[UserAgent]

A User Agent represents a user agent (browser, desktop app, CLI tool) that can initiate user sessions via OAuth 2.0 Dynamic Client Registration.

id: str

Unique identifier of the user agent

created_at: datetime

Entity creation timestamp

formatdate-time
identifier: str

User agent identifier (serves as OAuth client_id). Format: ua:{sha256_hash}

name: str

Human-readable name

minLength1
maxLength255
organization_id: str

Organization that owns this user agent

slug: str

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: datetime

Entity update timestamp

formatdate-time
zone_id: str

Zone this user agent belongs to

user_agent_id: Optional[str]

User agent ID (browser/client) that initiated this session

zone_id: Optional[str]

Zone this session belongs to

class IamApplicationSessionType:

Application session type-specific fields

application_id: str

Application ID that initiated this session

issuer: str

Issuer URL from IdP

formaturi
provider_id: str

Provider ID

session_type: Literal["application"]
subject: str

Subject claim from IdP

id: Optional[str]

Session ID

Deprecatedactive: Optional[bool]

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication: Optional[Application]

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: str

Unique identifier of the application

created_at: datetime

Entity creation timestamp

formatdate-time
dependencies_count: int

Number of resource dependencies

identifier: str

User specified identifier, unique within the zone

minLength1
maxLength2048
name: str

Human-readable name

minLength1
maxLength255
organization_id: str

Organization that owns this application

owner_type: Literal["platform", "customer"]

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: str

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: datetime

Entity update timestamp

formatdate-time
zone_id: str

Zone this application belongs to

description: Optional[str]

Human-readable description

maxLength2048
metadata: Optional[Metadata]

Entity metadata

docs_url: Optional[str]

Documentation URL

formaturi
maxLength2048
protocols: Optional[Protocols]

Protocol-specific configuration

oauth2: Optional[ProtocolsOauth2]

OAuth 2.0 protocol configuration

post_logout_redirect_uris: Optional[List[str]]

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris: Optional[List[str]]

OAuth 2.0 redirect URIs for this application

authenticated_at: Optional[datetime]

Date when the session was authenticated

formatdate-time
created_at: Optional[datetime]

Entity creation timestamp

formatdate-time
expires_at: Optional[datetime]

Date when session expires

formatdate-time
metadata: Optional[IamApplicationSessionTypeMetadata]

Session metadata

name: str

Name of the initiating application or user agent

organization_id: Optional[str]

Organization that owns this session

session_data: Optional[Dict[str, object]]

Session claims data (ID token claims for users, application claims for applications)

status: Optional[Literal["active", "expired", "revoked"]]
Accepts one of the following:
"active"
"expired"
"revoked"
updated_at: Optional[datetime]

Entity update timestamp

formatdate-time
zone_id: Optional[str]

Zone this session belongs to

List sessions

from keycardai_api import KeycardAPI

client = KeycardAPI()
sessions = client.zones.sessions.list(
    zone_id="zoneId",
)
print(sessions.items)
{
  "items": [
    {
      "session_type": "user",
      "user_id": "user_id",
      "id": "id",
      "active": true,
      "application": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "dependencies_count": 0,
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "owner_type": "platform",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "description": "description",
        "metadata": {
          "docs_url": "https://example.com"
        },
        "protocols": {
          "oauth2": {
            "post_logout_redirect_uris": [
              "https://example.com"
            ],
            "redirect_uris": [
              "https://example.com"
            ]
          }
        }
      },
      "application_id": "application_id",
      "authenticated_at": "2019-12-27T18:11:19.117Z",
      "created_at": "2019-12-27T18:11:19.117Z",
      "expires_at": "2019-12-27T18:11:19.117Z",
      "issuer": "https://example.com",
      "metadata": {
        "name": "name"
      },
      "organization_id": "organization_id",
      "parent_id": "parent_id",
      "provider_id": "provider_id",
      "session_data": {
        "foo": "bar"
      },
      "status": "active",
      "subject": "subject",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "user": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "email": "dev@stainless.com",
        "email_verified": true,
        "organization_id": "organization_id",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "authenticated_at": "authenticated_at",
        "issuer": "issuer",
        "provider_id": "provider_id",
        "subject": "subject"
      },
      "user_agent": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "identifier": "identifier",
        "name": "x",
        "organization_id": "organization_id",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id"
      },
      "user_agent_id": "user_agent_id",
      "zone_id": "zone_id"
    }
  ],
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}
Returns Examples
{
  "items": [
    {
      "session_type": "user",
      "user_id": "user_id",
      "id": "id",
      "active": true,
      "application": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "dependencies_count": 0,
        "identifier": "x",
        "name": "x",
        "organization_id": "organization_id",
        "owner_type": "platform",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "description": "description",
        "metadata": {
          "docs_url": "https://example.com"
        },
        "protocols": {
          "oauth2": {
            "post_logout_redirect_uris": [
              "https://example.com"
            ],
            "redirect_uris": [
              "https://example.com"
            ]
          }
        }
      },
      "application_id": "application_id",
      "authenticated_at": "2019-12-27T18:11:19.117Z",
      "created_at": "2019-12-27T18:11:19.117Z",
      "expires_at": "2019-12-27T18:11:19.117Z",
      "issuer": "https://example.com",
      "metadata": {
        "name": "name"
      },
      "organization_id": "organization_id",
      "parent_id": "parent_id",
      "provider_id": "provider_id",
      "session_data": {
        "foo": "bar"
      },
      "status": "active",
      "subject": "subject",
      "updated_at": "2019-12-27T18:11:19.117Z",
      "user": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "email": "dev@stainless.com",
        "email_verified": true,
        "organization_id": "organization_id",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id",
        "authenticated_at": "authenticated_at",
        "issuer": "issuer",
        "provider_id": "provider_id",
        "subject": "subject"
      },
      "user_agent": {
        "id": "id",
        "created_at": "2019-12-27T18:11:19.117Z",
        "identifier": "identifier",
        "name": "x",
        "organization_id": "organization_id",
        "slug": "slug",
        "updated_at": "2019-12-27T18:11:19.117Z",
        "zone_id": "zone_id"
      },
      "user_agent_id": "user_agent_id",
      "zone_id": "zone_id"
    }
  ],
  "pagination": {
    "after_cursor": "x",
    "before_cursor": "x",
    "total_count": 0
  }
}