Sessions

Sessions represent active or historical user sessions in the system. A session holds metadata such as the user ID, IP address, user agent, session ID (SID), and timestamps for creation and expiration. On this page, we’ll explore how to list sessions with pagination, filter and order results, and delete sessions when necessary.

Note: This documentation describes the OpenID Connect (OIDC) implementation for sessions in Raha Account’s IAM. For details on OAuth 2.0 sessions specification.

The session model

Each session encapsulates OIDC configuration required for your app to perform Authorization Code with PKCE and related flows.

Properties

  • Name
    id
    Type
    string
    Description

    Unique identifier for the session.

  • Name
    user_id
    Type
    string
    Description

    Identifier of the user who owns the session.

  • Name
    ip
    Type
    string
    Description

    IP address from which the session was created.

  • Name
    user_agent
    Type
    string
    Description

    User agent string of the device/browser used for the session.

  • Name
    sid
    Type
    string
    Description

    Session ID used to track the session uniquely.

  • Name
    created_at
    Type
    timestamp
    Description

    Timestamp when the session was created.

  • Name
    expires_at
    Type
    timestamp
    Description

    Timestamp when the session will expire.

GET/api/v1/admin/sessions

List all sessions

Retrieve a paginated list of OIDC sessions that you manage.

Optional attributes

  • Name
    pagination[per_page]
    Type
    integer
    Description

    Max number of sessions per page (default 10).

  • Name
    pagination[page]
    Type
    integer
    Description

    Page number to return (default 1).

  • Name
    filter[user_id]
    Type
    string
    Description

    Filter sessions by user ID.

  • Name
    order[created_at]
    Type
    string
    Description

    ASC | DESC. Sort by creation time.

  • Name
    order[expires_at]
    Type
    string
    Description

    ASC | DESC. Sort by expire time.

  • Name
    order[is_active]
    Type
    string
    Description

    ASC | DESC. Sort by active status of the session.

  • Name
    order[revoked_at]
    Type
    string
    Description

    ASC | DESC. Sort by session revokation time.

Request

GET
/v1/admin/sessions
curl -G https://api.account.raha.af/v1/admin/sessions \
-H "Authorization: Bearer {token}" \
-d per_page=10 \
-d page=1

Response

{
    "data": [
{
    "id": "81b8a9ef-1735-45ae-9d3d-8e7d7927a56d",
    "user_id": "1da2e72a-43c2-4c99-a5c9-076e98c8ecbe",
    "ip": "::1",
    "user_agent": "HoppscotchKernel/0.2.0",
    "sid": "81b8a9ef-1735-45ae-9d3d-8e7d7927a56d",
    "expires_at": "2025-10-29T06:55:06.574Z"
}
    ],
    "meta": {
    "page": 1,
    "from": 1,
    "to": 3,
    "last_page": 1,
    "per_page": 10,
    "total": 3
}
}
DELETE/v1/admin/sessions/{id}

Delete a session

Remove an OIDC session. This action is irreversible.

URL parameters

  • Name
    id
    Type
    string
    Description

    The unique identifier of the session to delete.

Request

DELETE
/v1/admin/sessions/{id}
curl -X DELETE https://api.account.raha.af/v1/admin/sessions/{id} \
-H "Authorization: Bearer {token}"

Response

Empty

Was this page helpful?