Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/KingPsychopath/oooc-fete-finder/llms.txt

Use this file to discover all available pages before exploring further.

The session management endpoints allow you to list active admin sessions, revoke individual sessions, and revoke all sessions at once.

List active sessions

Retrieve all active admin authentication sessions. 
GET /api/admin/tokens/sessions

Authentication

This endpoint requires admin authentication. Include one of the following:
  • x-admin-key header with your admin key
  • Authorization: Bearer <token> header with a valid admin session token
  • Valid admin session cookie

Response

success
boolean
required
Whether the request succeeded
count
number
required
Number of active sessions
sessions
array
required
Array of active session objects
sessions[].jti
string
JWT ID - unique identifier for the session
sessions[].iat
number
Issued at timestamp (Unix seconds)
sessions[].exp
number
Expiration timestamp (Unix seconds)
sessions[].v
number
Token version number
currentTokenVersion
number
required
Current global token version (sessions with older versions are invalid)
now
number
required
Current server timestamp (Unix seconds)

Example response

{
  "success": true,
  "count": 2,
  "sessions": [
    {
      "jti": "abc123def456",
      "iat": 1740732000,
      "exp": 1740818400,
      "v": 1
    },
    {
      "jti": "xyz789uvw012",
      "iat": 1740735600,
      "exp": 1740822000,
      "v": 1
    }
  ],
  "currentTokenVersion": 1,
  "now": 1740736800
}

Error responses

401 Unauthorized 
{
  "success": false,
  "error": "Unauthorized"
}
500 Internal Server Error 
{
  "success": false,
  "error": "Failed to list sessions"
}

Revoke a specific session

Revoke a single admin session by its JWT ID. 
DELETE /api/admin/tokens/sessions/:jti

Authentication

This endpoint requires admin authentication.

Path parameters

jti
string
required
The JWT ID of the session to revoke. URL encoding is handled automatically.

Response

success
boolean
required
Whether the revocation succeeded
jti
string
required
The JWT ID that was revoked

Example response

{
  "success": true,
  "jti": "abc123def456"
}

Error responses

401 Unauthorized 
{
  "success": false,
  "error": "Unauthorized"
}
404 Not Found 
{
  "success": false,
  "error": "Session not found or invalid jti"
}

Revoke all sessions

Revoke all active admin sessions by incrementing the global token version. This immediately invalidates all existing session tokens. 
POST /api/admin/tokens/revoke

Authentication

This endpoint requires admin authentication. After this request completes, your current session token will also be invalidated. You’ll need to re-authenticate using your admin key.

Response

success
boolean
required
Whether the revocation succeeded
nextTokenVersion
number
required
The new global token version (all previous versions are now invalid)
timestamp
string
required
ISO 8601 timestamp of the revocation

Example response

{
  "success": true,
  "nextTokenVersion": 2,
  "timestamp": "2026-02-28T10:30:00.000Z"
}

Error responses

401 Unauthorized 
{
  "success": false,
  "error": "Unauthorized"
}
500 Internal Server Error 
{
  "success": false,
  "error": "Failed to revoke sessions"
}

Use cases

Security incident response

If you suspect an admin session has been compromised, use the revoke all sessions endpoint to immediately invalidate all tokens: 
curl -X POST https://your-domain.com/api/admin/tokens/revoke \
  -H "x-admin-key: your-admin-key"

Session cleanup

List active sessions to identify and revoke specific old or suspicious sessions: 
# List sessions
curl https://your-domain.com/api/admin/tokens/sessions \
  -H "x-admin-key: your-admin-key"

# Revoke a specific session
curl -X DELETE https://your-domain.com/api/admin/tokens/sessions/abc123def456 \
  -H "x-admin-key: your-admin-key"

Logout from other devices

Revoke all sessions except the current one by calling the revoke all endpoint, then immediately re-authenticating to create a new session.
Sessions are stored in the same data store as your event data (Postgres or Vercel KV). The session list endpoint returns sessions sorted by creation time, with newest sessions first.

Build docs developers (and LLMs) love

Get started for freeTalk to us