The Sessions API exposes refresh-token sessions as a sub-resource of users. A session corresponds to a single refresh token row in the tokens table. Users can always list and revoke their own sessions without any special permission. Accessing or revoking another user’s sessions requires the sesiones:read or sesiones:delete permission respectively.

GET /api/usuarios/me/sesiones

List the sessions belonging to the currently authenticated user.
Authentication: Bearer token required.
Permission required: none (own sessions only).

Query parameters

activos_solo
boolean
default:"true"
When true, only non-revoked sessions that have not yet expired are returned. Set to false to include all historical sessions.

Response — 200 OK

Returns an array of TokenInfo objects ordered by fecha_expiracion descending.
id
number
required
Session (token row) ID.
usuario_id
number
required
ID of the user who owns this session.
fecha_expiracion
string
required
ISO 8601 timestamp when the refresh token expires.
revocado
boolean
required
Whether the session has been explicitly revoked.
curl --request GET \
  --url 'https://api.example.com/api/usuarios/me/sesiones?activos_solo=true' \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
[
  {
    "id": 101,
    "usuario_id": 42,
    "fecha_expiracion": "2026-06-21T10:00:00Z",
    "revocado": false
  }
]

GET /api/usuarios/{usuario_id}/sesiones

List sessions for a specific user. The authenticated user may query their own sessions without extra permissions. Querying another user’s sessions requires sesiones:read.
Authentication: Bearer token required.
Permission required: none for own sessions; sesiones:read for other users.

Path parameters

usuario_id
number
required
ID of the user whose sessions to list.

Query parameters

activos_solo
boolean
default:"true"
Return only active (non-revoked, non-expired) sessions when true.
skip
number
default:"0"
Number of records to skip for pagination.
limit
number
default:"50"
Maximum number of records to return. Cannot exceed 200.

Response — 200 OK

Returns an array of TokenInfo objects. See GET /api/usuarios/me/sesiones for the field list.
curl --request GET \
  --url 'https://api.example.com/api/usuarios/42/sesiones?activos_solo=false&skip=0&limit=10' \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
[
  {
    "id": 101,
    "usuario_id": 42,
    "fecha_expiracion": "2026-06-21T10:00:00Z",
    "revocado": false
  },
  {
    "id": 98,
    "usuario_id": 42,
    "fecha_expiracion": "2026-05-20T08:30:00Z",
    "revocado": true
  }
]

DELETE /api/usuarios/{usuario_id}/sesiones/{sesion_id}

Revoke a single session by ID. The owner of the session can always revoke it. Revoking another user’s session requires sesiones:delete.
Authentication: Bearer token required.
Permission required: none for own sessions; sesiones:delete for other users.

Path parameters

usuario_id
number
required
ID of the user who owns the session.
sesion_id
number
required
ID of the session to revoke.

Response — 204 No Content

No response body is returned. If the session is already revoked the request is idempotent and still returns 204.
curl --request DELETE \
  --url https://api.example.com/api/usuarios/42/sesiones/101 \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
Error body when the session is not found:
{ "detail": "Sesion no encontrada" }

DELETE /api/usuarios/{usuario_id}/sesiones

Revoke all active sessions for a user at once (a force-logout). The owner can revoke their own sessions. Revoking another user’s sessions requires sesiones:delete.
Authentication: Bearer token required.
Permission required: none for own sessions; sesiones:delete for other users.

Path parameters

usuario_id
number
required
ID of the user whose sessions to revoke.

Response — 200 OK

revocados
number
required
Number of sessions that were revoked by this request.
usuario_id
number
required
ID of the user whose sessions were revoked.
curl --request DELETE \
  --url https://api.example.com/api/usuarios/42/sesiones \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
{
  "revocados": 3,
  "usuario_id": 42
}
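
The owner-or-permission rule behind these four endpoints, as an added example that is not the project's own code. It is an in-memory model: the function names, the exception classes and their HTTP status mapping, and the check that a session ID must belong to the user in the path are assumptions, and the token rows are constructed sample data.

```python
from datetime import datetime, timezone

class Forbidden(Exception): pass   # assumed to map to an HTTP 403
class NotFound(Exception): pass    # assumed to map to an HTTP 404

NOW = datetime(2026, 5, 22, tzinfo=timezone.utc)  # fixed clock for the sample data

def sample_tokens():
    """Constructed rows shaped like TokenInfo (ids 101 and 98 mirror the page's examples)."""
    exp = lambda m, d: datetime(2026, m, d, tzinfo=timezone.utc)
    return [
        {"id": 101, "usuario_id": 42, "fecha_expiracion": exp(6, 21), "revocado": False},
        {"id": 98, "usuario_id": 42, "fecha_expiracion": exp(5, 20), "revocado": True},
        {"id": 77, "usuario_id": 7, "fecha_expiracion": exp(6, 1), "revocado": False},
    ]

def authorize(caller_id, perms, usuario_id, needed):
    # Owner always passes; any other caller must hold the named permission.
    if caller_id != usuario_id and needed not in perms:
        raise Forbidden(needed)

def is_active(tok, now):
    return not tok["revocado"] and tok["fecha_expiracion"] > now

def list_sessions(tokens, caller_id, perms, usuario_id, activos_solo=True, now=NOW):
    authorize(caller_id, perms, usuario_id, "sesiones:read")
    rows = [t for t in tokens if t["usuario_id"] == usuario_id
            and (is_active(t, now) or not activos_solo)]
    return sorted(rows, key=lambda t: t["fecha_expiracion"], reverse=True)

def revoke_session(tokens, caller_id, perms, usuario_id, sesion_id):
    authorize(caller_id, perms, usuario_id, "sesiones:delete")
    # Assumed behaviour: match on BOTH path ids, so a session owned by someone
    # else cannot be revoked through the caller's own /usuarios/<id>/ path.
    tok = next((t for t in tokens
                if t["id"] == sesion_id and t["usuario_id"] == usuario_id), None)
    if tok is None:
        raise NotFound("Sesion no encontrada")
    tok["revocado"] = True  # already revoked: same outcome, still succeeds

def revoke_all(tokens, caller_id, perms, usuario_id, now=NOW):
    authorize(caller_id, perms, usuario_id, "sesiones:delete")
    active = [t for t in tokens if t["usuario_id"] == usuario_id and is_active(t, now)]
    for t in active:
        t["revocado"] = True
    return {"revocados": len(active), "usuario_id": usuario_id}
```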
