API Reference

Zones

Sessions

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get session

zones.sessions.retrieve(strid, SessionRetrieveParams**kwargs) -> Session

GET/zones/{zoneId}/sessions/{id}

Returns details of a specific session by session ID

ParametersExpand Collapse

zone_id: str

id: str

ReturnsExpand Collapse

Session

An authenticated identity session. Sessions can be user sessions (representing end-user authentication) or application sessions (representing service-to-service authentication). User sessions support hierarchical relationships via parent_id, while application sessions are always standalone.

Accepts one of the following:

class IamUserSessionType: …

User session type-specific fields

session_type: Literal["user"]

user_id: str

User ID

id: Optional[str]

Session ID

Deprecatedactive: Optional[bool]

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication: Optional[Application]

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: str

Unique identifier of the application

created_at: datetime

Entity creation timestamp

formatdate-time

dependencies_count: int

Number of resource dependencies

identifier: str

User specified identifier, unique within the zone

minLength1

maxLength2048

name: str

Human-readable name

minLength1

maxLength255

organization_id: str

Organization that owns this application

owner_type: Literal["platform", "customer"]

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:

"platform"

"customer"

slug: str

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: datetime

Entity update timestamp

formatdate-time

zone_id: str

Zone this application belongs to

description: Optional[str]

Human-readable description

maxLength2048

metadata: Optional[Metadata]

Entity metadata

docs_url: Optional[str]

Documentation URL

formaturi

maxLength2048

protocols: Optional[Protocols]

Protocol-specific configuration

oauth2: Optional[ProtocolsOauth2]

OAuth 2.0 protocol configuration

post_logout_redirect_uris: Optional[List[str]]

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris: Optional[List[str]]

OAuth 2.0 redirect URIs for this application

application_id: Optional[str]

Application ID that initiated this session

authenticated_at: Optional[datetime]

Date when the session was authenticated

formatdate-time

created_at: Optional[datetime]

Entity creation timestamp

formatdate-time

expires_at: Optional[datetime]

Date when session expires

formatdate-time

issuer: Optional[str]

Issuer URL from IdP

formaturi

metadata: Optional[IamUserSessionTypeMetadata]

Session metadata

name: str

Name of the initiating application or user agent

organization_id: Optional[str]

Organization that owns this session

parent_id: Optional[str]

Parent session ID for hierarchical sessions (user sessions only). When null, this is a web session - a top-level session initiated directly by a user. When set, this is a child session derived from the parent, used for token refresh or delegation. Application sessions cannot have parents.

provider_id: Optional[str]

Provider ID

session_data: Optional[Dict[str, object]]

Session claims data (ID token claims for users, application claims for applications)

status: Optional[Literal["active", "expired", "revoked"]]

Accepts one of the following:

"active"

"expired"

"revoked"

subject: Optional[str]

Subject claim from IdP

updated_at: Optional[datetime]

Entity update timestamp

formatdate-time

Deprecateduser: Optional[User]

An authenticated user entity

id: str

Unique identifier of the user

created_at: datetime

Entity creation timestamp

formatdate-time

email: str

Email address of the user

formatemail

email_verified: bool

Whether the email address has been verified

organization_id: str

Organization that owns this user

updated_at: datetime

Entity update timestamp

formatdate-time

zone_id: str

Zone this user belongs to

authenticated_at: Optional[str]

Date when the user was last authenticated

issuer: Optional[str]

Issuer identifier of the identity provider

provider_id: Optional[str]

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

subject: Optional[str]

Subject identifier from the identity provider

Deprecateduser_agent: Optional[UserAgent]

A User Agent represents a user agent (browser, desktop app, CLI tool) that can initiate user sessions via OAuth 2.0 Dynamic Client Registration.

id: str

Unique identifier of the user agent

created_at: datetime

Entity creation timestamp

formatdate-time

identifier: str

User agent identifier (serves as OAuth client_id). Format: ua:{sha256_hash}

name: str

Human-readable name

minLength1

maxLength255

organization_id: str

Organization that owns this user agent

slug: str

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: datetime

Entity update timestamp

formatdate-time

zone_id: str

Zone this user agent belongs to

user_agent_id: Optional[str]

User agent ID (browser/client) that initiated this session

zone_id: Optional[str]

Zone this session belongs to

class IamApplicationSessionType: …

Application session type-specific fields

application_id: str

Application ID that initiated this session

issuer: str

Issuer URL from IdP

formaturi

provider_id: str

Provider ID

session_type: Literal["application"]

subject: str

Subject claim from IdP

id: Optional[str]

Session ID

Deprecatedactive: Optional[bool]

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication: Optional[Application]

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: str

Unique identifier of the application

created_at: datetime

Entity creation timestamp

formatdate-time

dependencies_count: int

Number of resource dependencies

identifier: str

User specified identifier, unique within the zone

minLength1

maxLength2048

name: str

Human-readable name

minLength1

maxLength255

organization_id: str

Organization that owns this application

owner_type: Literal["platform", "customer"]

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:

"platform"

"customer"

slug: str

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: datetime

Entity update timestamp

formatdate-time

zone_id: str

Zone this application belongs to

description: Optional[str]

Human-readable description

maxLength2048

metadata: Optional[Metadata]

Entity metadata

docs_url: Optional[str]

Documentation URL

formaturi

maxLength2048

protocols: Optional[Protocols]

Protocol-specific configuration

oauth2: Optional[ProtocolsOauth2]

OAuth 2.0 protocol configuration

post_logout_redirect_uris: Optional[List[str]]

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris: Optional[List[str]]

OAuth 2.0 redirect URIs for this application

authenticated_at: Optional[datetime]

Date when the session was authenticated

formatdate-time

created_at: Optional[datetime]

Entity creation timestamp

formatdate-time

expires_at: Optional[datetime]

Date when session expires

formatdate-time

metadata: Optional[IamApplicationSessionTypeMetadata]

Session metadata

name: str

Name of the initiating application or user agent

organization_id: Optional[str]

Organization that owns this session

session_data: Optional[Dict[str, object]]

Session claims data (ID token claims for users, application claims for applications)

status: Optional[Literal["active", "expired", "revoked"]]

Accepts one of the following:

"active"

"expired"

"revoked"

updated_at: Optional[datetime]

Entity update timestamp

formatdate-time

zone_id: Optional[str]

Zone this session belongs to

Get session

Python

HTTP

TypeScript

Python

Go

from keycardai_api import KeycardAPI

client = KeycardAPI()
session = client.zones.sessions.retrieve(
    id="id",
    zone_id="zoneId",
)
print(session)

200 example

{
  "session_type": "user",
  "user_id": "user_id",
  "id": "id",
  "active": true,
  "application": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "dependencies_count": 0,
    "identifier": "x",
    "name": "x",
    "organization_id": "organization_id",
    "owner_type": "platform",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "description": "description",
    "metadata": {
      "docs_url": "https://example.com"
    },
    "protocols": {
      "oauth2": {
        "post_logout_redirect_uris": [
          "https://example.com"
        ],
        "redirect_uris": [
          "https://example.com"
        ]
      }
    }
  },
  "application_id": "application_id",
  "authenticated_at": "2019-12-27T18:11:19.117Z",
  "created_at": "2019-12-27T18:11:19.117Z",
  "expires_at": "2019-12-27T18:11:19.117Z",
  "issuer": "https://example.com",
  "metadata": {
    "name": "name"
  },
  "organization_id": "organization_id",
  "parent_id": "parent_id",
  "provider_id": "provider_id",
  "session_data": {
    "foo": "bar"
  },
  "status": "active",
  "subject": "subject",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "user": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "email": "dev@stainless.com",
    "email_verified": true,
    "organization_id": "organization_id",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "authenticated_at": "authenticated_at",
    "issuer": "issuer",
    "provider_id": "provider_id",
    "subject": "subject"
  },
  "user_agent": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "identifier": "identifier",
    "name": "x",
    "organization_id": "organization_id",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id"
  },
  "user_agent_id": "user_agent_id",
  "zone_id": "zone_id"
}

Returns Examples

200 example

{
  "session_type": "user",
  "user_id": "user_id",
  "id": "id",
  "active": true,
  "application": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "dependencies_count": 0,
    "identifier": "x",
    "name": "x",
    "organization_id": "organization_id",
    "owner_type": "platform",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "description": "description",
    "metadata": {
      "docs_url": "https://example.com"
    },
    "protocols": {
      "oauth2": {
        "post_logout_redirect_uris": [
          "https://example.com"
        ],
        "redirect_uris": [
          "https://example.com"
        ]
      }
    }
  },
  "application_id": "application_id",
  "authenticated_at": "2019-12-27T18:11:19.117Z",
  "created_at": "2019-12-27T18:11:19.117Z",
  "expires_at": "2019-12-27T18:11:19.117Z",
  "issuer": "https://example.com",
  "metadata": {
    "name": "name"
  },
  "organization_id": "organization_id",
  "parent_id": "parent_id",
  "provider_id": "provider_id",
  "session_data": {
    "foo": "bar"
  },
  "status": "active",
  "subject": "subject",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "user": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "email": "dev@stainless.com",
    "email_verified": true,
    "organization_id": "organization_id",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "authenticated_at": "authenticated_at",
    "issuer": "issuer",
    "provider_id": "provider_id",
    "subject": "subject"
  },
  "user_agent": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "identifier": "identifier",
    "name": "x",
    "organization_id": "organization_id",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id"
  },
  "user_agent_id": "user_agent_id",
  "zone_id": "zone_id"
}