
List Active Sessions

Get all active sessions for the authenticated user.

Endpoint

GET /auth/sessions

Authentication

Requires a valid access token (Bearer authentication).

Response

  • success (boolean): Always true for successful requests
  • data (array): Array of active session objects

Example Request

curl -X GET https://api.ceboelha.com/auth/sessions \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Example Response

{
  "success": true,
  "data": [
    {
      "_id": "507f1f77bcf86cd799439011",
      "userId": "507f191e810c19729de860ea",
      "token": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
      "deviceInfo": {
        "ip": "192.168.1.100",
        "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
      },
      "expiresAt": "2026-03-10T14:30:00.000Z",
      "createdAt": "2026-03-03T14:30:00.000Z",
      "lastUsedAt": "2026-03-03T15:00:00.000Z",
      "isRevoked": false
    }
  ]
}

Revoke Specific Session

Revoke a specific session by ID, logging out that device.

Endpoint

DELETE /auth/sessions/:id

Authentication

Requires a valid access token (Bearer authentication).

Path Parameters

  • id (string, required): Session ID to revoke (MongoDB ObjectId)

Response

  • success (boolean): Always true for successful requests
  • message (string): Success message

Example Request

curl -X DELETE https://api.ceboelha.com/auth/sessions/507f1f77bcf86cd799439011 \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Example Response

{
  "success": true,
  "message": "Sessão revogada com sucesso"
}

Error Responses

  • 401 Unauthorized: Invalid or expired access token
  • 403 Forbidden: Attempting to revoke a session that doesn’t belong to you
  • 404 Not Found: Session ID not found

Use Cases

  • Security audit: View all devices where you’re logged in
  • Logout other devices: Revoke sessions on lost or stolen devices
  • Session management: Track when and where you’ve been logged in
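The audit and "logout other devices" use cases can be combined into one client-side check. The following is an added example, not code from this API's documentation: it picks live sessions from unrecognized IPs or idle too long and revokes them by ID. The `known_ips` allowlist, the `max_idle` threshold and the sample sessions are assumptions made for the illustration.

```python
import re
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

API_BASE = "https://api.ceboelha.com"  # base URL from the curl examples above
OBJECT_ID = re.compile(r"[0-9a-f]{24}")  # MongoDB ObjectId: 24 hex characters

def parse_ts(value):
    """Parse the UTC timestamps in session objects (e.g. 2026-03-03T15:00:00.000Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def sessions_to_revoke(sessions, known_ips, now, max_idle=timedelta(days=3)):
    """Return (session id, reason) for live sessions from unknown IPs or idle too long.

    known_ips and max_idle are policy choices assumed for this example.
    """
    flagged = []
    for s in sessions:
        if s["isRevoked"] or parse_ts(s["expiresAt"]) <= now:
            continue  # already revoked or expired, nothing to do
        if s["deviceInfo"]["ip"] not in known_ips:
            flagged.append((s["_id"], "unknown ip"))
        elif now - parse_ts(s["lastUsedAt"]) > max_idle:
            flagged.append((s["_id"], "idle"))
    return flagged

def revoke(session_id, access_token):
    """Call DELETE /auth/sessions/:id and return the HTTP status code."""
    if not OBJECT_ID.fullmatch(session_id):
        raise ValueError("session id is not an ObjectId")  # never build a path from junk
    req = urllib.request.Request(
        f"{API_BASE}/auth/sessions/{session_id}", method="DELETE",
        headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401, 403 or 404 as listed under Error Responses

# Constructed sample in the shape of the "data" array (only the fields used here).
SAMPLE = [
    {"_id": "0000000000000000000000a1", "deviceInfo": {"ip": "192.168.1.100"}, "isRevoked": False,
     "expiresAt": "2026-03-10T14:30:00.000Z", "lastUsedAt": "2026-03-03T15:00:00.000Z"},
    {"_id": "0000000000000000000000a2", "deviceInfo": {"ip": "203.0.113.7"}, "isRevoked": False,
     "expiresAt": "2026-03-10T14:30:00.000Z", "lastUsedAt": "2026-03-03T14:00:00.000Z"},
    {"_id": "0000000000000000000000a3", "deviceInfo": {"ip": "203.0.113.9"}, "isRevoked": True,
     "expiresAt": "2026-03-10T14:30:00.000Z", "lastUsedAt": "2026-03-02T09:00:00.000Z"},
    {"_id": "0000000000000000000000a4", "deviceInfo": {"ip": "192.168.1.100"}, "isRevoked": False,
     "expiresAt": "2026-03-06T14:30:00.000Z", "lastUsedAt": "2026-02-27T14:30:00.000Z"},
]
NOW = datetime(2026, 3, 4, tzinfo=timezone.utc)  # fixed "current time" for the sample
```

Pass the `data` array from GET /auth/sessions to `sessions_to_revoke`, then call `revoke` for each flagged ID with the same access token.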
