Sessions

List sessions

client.zones.sessions.list(, ?, ?): SessionListResponse { items, pagination }

GET/zones/{zoneId}/sessions

Get session

client.zones.sessions.retrieve(, , ?): Session

GET/zones/{zoneId}/sessions/{id}

Update session

client.zones.sessions.update(, , ?): Session

PATCH/zones/{zoneId}/sessions/{id}

Delete session

client.zones.sessions.delete(, , ?): void

DELETE/zones/{zoneId}/sessions/{id}

ModelsExpand Collapse

Session = IamUserSessionType { session_type, user_id, id, 19 more } | IamApplicationSessionType { application_id, issuer, provider_id, 14 more }

An authenticated identity session. Sessions can be user sessions (representing end-user authentication) or application sessions (representing service-to-service authentication). User sessions support hierarchical relationships via parent_id, while application sessions are always standalone.

Accepts one of the following:

IamUserSessionType { session_type, user_id, id, 19 more }

User session type-specific fields

session_type: "user"

user_id: string

User ID

id?: string

Session ID

Deprecatedactive?: boolean

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication?: Application { id, created_at, dependencies_count, 10 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

created_at: string

Entity creation timestamp

formatdate-time

dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1

maxLength2048

Human-readable name

minLength1

maxLength255

organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:

"platform"

"customer"

slug: string

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength2048

metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

formaturi

maxLength2048

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

application_id?: string

Application ID that initiated this session

authenticated_at?: string

Date when the session was authenticated

formatdate-time

created_at?: string

Entity creation timestamp

formatdate-time

expires_at?: string

Date when session expires

formatdate-time

issuer?: string

Issuer URL from IdP

formaturi

metadata?: Metadata { name }

Session metadata

Name of the initiating application or user agent

organization_id?: string

Organization that owns this session

parent_id?: string

Parent session ID for hierarchical sessions (user sessions only). When null, this is a web session - a top-level session initiated directly by a user. When set, this is a child session derived from the parent, used for token refresh or delegation. Application sessions cannot have parents.

provider_id?: string

Provider ID

session_data?: Record<string, unknown>

Session claims data (ID token claims for users, application claims for applications)

status?: "active" | "expired" | "revoked"

Accepts one of the following:

"active"

"expired"

"revoked"

subject?: string

Subject claim from IdP

updated_at?: string

Entity update timestamp

formatdate-time

Deprecateduser?: User { id, created_at, email, 8 more }

An authenticated user entity

id: string

Unique identifier of the user

created_at: string

Entity creation timestamp

formatdate-time

email: string

Email address of the user

formatemail

email_verified: boolean

Whether the email address has been verified

organization_id: string

Organization that owns this user

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this user belongs to

authenticated_at?: string

Date when the user was last authenticated

issuer?: string

Issuer identifier of the identity provider

provider_id?: string

Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.

subject?: string

Subject identifier from the identity provider

Deprecateduser_agent?: UserAgent { id, created_at, identifier, 5 more }

A User Agent represents a user agent (browser, desktop app, CLI tool) that can initiate user sessions via OAuth 2.0 Dynamic Client Registration.

id: string

Unique identifier of the user agent

created_at: string

Entity creation timestamp

formatdate-time

identifier: string

User agent identifier (serves as OAuth client_id). Format: ua:{sha256_hash}

Human-readable name

minLength1

maxLength255

organization_id: string

Organization that owns this user agent

slug: string

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this user agent belongs to

user_agent_id?: string

User agent ID (browser/client) that initiated this session

zone_id?: string

Zone this session belongs to

IamApplicationSessionType { application_id, issuer, provider_id, 14 more }

Application session type-specific fields

application_id: string

Application ID that initiated this session

issuer: string

Issuer URL from IdP

formaturi

provider_id: string

Provider ID

session_type: "application"

subject: string

Subject claim from IdP

id?: string

Session ID

Deprecatedactive?: boolean

Whether the session is currently active (deprecated - use status instead)

Deprecatedapplication?: Application { id, created_at, dependencies_count, 10 more }

An Application is a software system with an associated identity that can access Resources. It may act on its own behalf (machine-to-machine) or on behalf of a user (delegated access).

id: string

Unique identifier of the application

created_at: string

Entity creation timestamp

formatdate-time

dependencies_count: number

Number of resource dependencies

identifier: string

User specified identifier, unique within the zone

minLength1

maxLength2048

Human-readable name

minLength1

maxLength255

organization_id: string

Organization that owns this application

owner_type: "platform" | "customer"

Who owns this application. Platform-owned applications cannot be modified via API.

Accepts one of the following:

"platform"

"customer"

slug: string

URL-safe identifier, unique within the zone

minLength1

maxLength63

updated_at: string

Entity update timestamp

formatdate-time

zone_id: string

Zone this application belongs to

description?: string | null

Human-readable description

maxLength2048

metadata?: Metadata { docs_url }

Entity metadata

docs_url?: string

Documentation URL

formaturi

maxLength2048

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

post_logout_redirect_uris?: Array<string> | null

OAuth 2.0 post-logout redirect URIs for this application

redirect_uris?: Array<string> | null

OAuth 2.0 redirect URIs for this application

authenticated_at?: string

Date when the session was authenticated

formatdate-time

created_at?: string

Entity creation timestamp

formatdate-time

expires_at?: string

Date when session expires

formatdate-time

metadata?: Metadata { name }

Session metadata

Name of the initiating application or user agent

organization_id?: string

Organization that owns this session

session_data?: Record<string, unknown>

Session claims data (ID token claims for users, application claims for applications)

status?: "active" | "expired" | "revoked"

Accepts one of the following:

"active"

"expired"

"revoked"

updated_at?: string

Entity update timestamp

formatdate-time

zone_id?: string

Zone this session belongs to