Skip to content
API Reference
API Reference
Zones
Sessions

Update session

PATCH/zones/{zoneId}/sessions/{id}

Revokes an active session

Path ParametersExpand Collapse
zoneId: string
id: string
Body ParametersJSONExpand Collapse
status: "revoked"
ReturnsExpand Collapse
Session = object { session_type, user_id, id, 19 more } or object { application_id, issuer, provider_id, 14 more }

An authenticated identity session. Sessions can be user sessions (representing end-user authentication) or application sessions (representing service-to-service authentication). User sessions support hierarchical relationships via parent_id, while application sessions are always standalone.

Accepts one of the following:
IamUserSessionType = object { session_type, user_id, id, 19 more }

User session type-specific fields

session_type: "user"
user_id: string

User ID

id: optional string

Session ID

Deprecatedactive: optional boolean

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication: optional Application { id, created_at, dependencies_count, 10 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

created_at: string

Entity creation timestamp

formatdate-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this application

owner_type: "platform" or "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this application belongs to

description: optional string

Human-readable description

maxLength2048
metadata: optional Metadata { docs_url }

Entity metadata

docs_url: optional string

Documentation URL

formaturi
maxLength2048
protocols: optional object { oauth2 }

Protocol-specific configuration

oauth2: optional object { post_logout_redirect_uris, redirect_uris }

OAuth 2.0 protocol configuration

post_logout_redirect_uris: optional array of string

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris: optional array of string

OAuth 2.0 redirect URIs for this application

application_id: optional string

Application ID that initiated this session

authenticated_at: optional string

Date when the session was authenticated

formatdate-time
created_at: optional string

Entity creation timestamp

formatdate-time
expires_at: optional string

Date when session expires

formatdate-time
issuer: optional string

Issuer URL from IdP

formaturi
metadata: optional object { name }

Session metadata

name: string

Name of the initiating application or user agent

organization_id: optional string

Organization that owns this session

parent_id: optional string

Parent session ID for hierarchical sessions (user sessions only). When null, this is a web session - a top-level session initiated directly by a user. When set, this is a child session derived from the parent, used for token refresh or delegation. Application sessions cannot have parents.

provider_id: optional string

Provider ID

session_data: optional map[unknown]

Session claims data (ID token claims for users, application claims for applications)

status: optional "active" or "expired" or "revoked"
Accepts one of the following:
"active"
"expired"
"revoked"
subject: optional string

Subject claim from IdP

updated_at: optional string

Entity update timestamp

formatdate-time
Deprecateduser: optional User { id, created_at, email, 8 more }

An authenticated user entity

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time
email: string

Email address of the user

formatemail
email_verified: boolean

Whether the email address has been verified

organization_id: string

Organization that owns this user

updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user belongs to

authenticated_at: optional string

Date when the user was last authenticated

issuer: optional string

Issuer identifier of the identity provider

provider_id: optional string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

subject: optional string

Subject identifier from the identity provider

Deprecateduser_agent: optional UserAgent { id, created_at, identifier, 5 more }

A User Agent represents a user agent (browser, desktop app, CLI tool) that can initiate user sessions via OAuth 2.0 Dynamic Client Registration.

id: string

Unique identifier of the user agent

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User agent identifier (serves as OAuth client_id). Format: ua:{sha256_hash}

name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this user agent

slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this user agent belongs to

user_agent_id: optional string

User agent ID (browser/client) that initiated this session

zone_id: optional string

Zone this session belongs to

IamApplicationSessionType = object { application_id, issuer, provider_id, 14 more }

Application session type-specific fields

application_id: string

Application ID that initiated this session

issuer: string

Issuer URL from IdP

formaturi
provider_id: string

Provider ID

session_type: "application"
subject: string

Subject claim from IdP

id: optional string

Session ID

Deprecatedactive: optional boolean

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication: optional Application { id, created_at, dependencies_count, 10 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

created_at: string

Entity creation timestamp

formatdate-time
dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this application

owner_type: "platform" or "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this application belongs to

description: optional string

Human-readable description

maxLength2048
metadata: optional Metadata { docs_url }

Entity metadata

docs_url: optional string

Documentation URL

formaturi
maxLength2048
protocols: optional object { oauth2 }

Protocol-specific configuration

oauth2: optional object { post_logout_redirect_uris, redirect_uris }

OAuth 2.0 protocol configuration

post_logout_redirect_uris: optional array of string

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris: optional array of string

OAuth 2.0 redirect URIs for this application

authenticated_at: optional string

Date when the session was authenticated

formatdate-time
created_at: optional string

Entity creation timestamp

formatdate-time
expires_at: optional string

Date when session expires

formatdate-time
metadata: optional object { name }

Session metadata

name: string

Name of the initiating application or user agent

organization_id: optional string

Organization that owns this session

session_data: optional map[unknown]

Session claims data (ID token claims for users, application claims for applications)

status: optional "active" or "expired" or "revoked"
Accepts one of the following:
"active"
"expired"
"revoked"
updated_at: optional string

Entity update timestamp

formatdate-time
zone_id: optional string

Zone this session belongs to

Update session

curl https://api.keycard.ai/zones/$ZONE_ID/sessions/$ID \
    -X PATCH \
    -H 'Content-Type: application/json' \
    -d '{
          "status": "revoked"
        }'
{
  "session_type": "user",
  "user_id": "user_id",
  "id": "id",
  "active": true,
  "application": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "dependencies_count": 0,
    "identifier": "x",
    "name": "x",
    "organization_id": "organization_id",
    "owner_type": "platform",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "description": "description",
    "metadata": {
      "docs_url": "https://example.com"
    },
    "protocols": {
      "oauth2": {
        "post_logout_redirect_uris": [
          "https://example.com"
        ],
        "redirect_uris": [
          "https://example.com"
        ]
      }
    }
  },
  "application_id": "application_id",
  "authenticated_at": "2019-12-27T18:11:19.117Z",
  "created_at": "2019-12-27T18:11:19.117Z",
  "expires_at": "2019-12-27T18:11:19.117Z",
  "issuer": "https://example.com",
  "metadata": {
    "name": "name"
  },
  "organization_id": "organization_id",
  "parent_id": "parent_id",
  "provider_id": "provider_id",
  "session_data": {
    "foo": "bar"
  },
  "status": "active",
  "subject": "subject",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "user": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "email": "dev@stainless.com",
    "email_verified": true,
    "organization_id": "organization_id",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "authenticated_at": "authenticated_at",
    "issuer": "issuer",
    "provider_id": "provider_id",
    "subject": "subject"
  },
  "user_agent": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "identifier": "identifier",
    "name": "x",
    "organization_id": "organization_id",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id"
  },
  "user_agent_id": "user_agent_id",
  "zone_id": "zone_id"
}
Returns Examples
{
  "session_type": "user",
  "user_id": "user_id",
  "id": "id",
  "active": true,
  "application": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "dependencies_count": 0,
    "identifier": "x",
    "name": "x",
    "organization_id": "organization_id",
    "owner_type": "platform",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "description": "description",
    "metadata": {
      "docs_url": "https://example.com"
    },
    "protocols": {
      "oauth2": {
        "post_logout_redirect_uris": [
          "https://example.com"
        ],
        "redirect_uris": [
          "https://example.com"
        ]
      }
    }
  },
  "application_id": "application_id",
  "authenticated_at": "2019-12-27T18:11:19.117Z",
  "created_at": "2019-12-27T18:11:19.117Z",
  "expires_at": "2019-12-27T18:11:19.117Z",
  "issuer": "https://example.com",
  "metadata": {
    "name": "name"
  },
  "organization_id": "organization_id",
  "parent_id": "parent_id",
  "provider_id": "provider_id",
  "session_data": {
    "foo": "bar"
  },
  "status": "active",
  "subject": "subject",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "user": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "email": "dev@stainless.com",
    "email_verified": true,
    "organization_id": "organization_id",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id",
    "authenticated_at": "authenticated_at",
    "issuer": "issuer",
    "provider_id": "provider_id",
    "subject": "subject"
  },
  "user_agent": {
    "id": "id",
    "created_at": "2019-12-27T18:11:19.117Z",
    "identifier": "identifier",
    "name": "x",
    "organization_id": "organization_id",
    "slug": "slug",
    "updated_at": "2019-12-27T18:11:19.117Z",
    "zone_id": "zone_id"
  },
  "user_agent_id": "user_agent_id",
  "zone_id": "zone_id"
}