ZITADEL Docs
APIsCore ResourcesV2Session

Get Session

Retrieve a session by its ID. Returns all information about the session, including the factors that were verified, the metadata, user agent information and possible expiration date. The session token is required unless either of the following conditions is met:

  • the caller created the session
  • the authenticated user requests their own session (checked user)
  • the security token provided in the authorization header has the same user agent as the session
  • the caller is granted the permission session.read permission on either the instance or on the checked user's organization

Required permissions:

  • session.read
  • no permission required to get own sessions (see above) or when providing the current session token
GET
/v2/sessions/{session_id}

Path Parameters

session_id*string

The unique identifier of the session to be retrieved.

Query Parameters

sessionToken?string

The current token of the session, previously returned on the create / update request. The token is required unless either of the following conditions is met:

  • the caller created the session
  • the authenticated user requests their own session (checked user)
  • the security token provided in the authorization header has the same user agent as the session
  • the caller is granted the permission session.read permission on either the instance or on the checked user's organization

Response Body

application/json

curl -X GET "https://loading/v2/sessions/string"
{
  "session": {
    "id": "string",
    "creationDate": "2023-01-15T01:30:15.01Z",
    "changeDate": "2023-01-15T01:30:15.01Z",
    "sequence": 0,
    "factors": {
      "user": {
        "verifiedAt": "2023-01-15T01:30:15.01Z",
        "id": "string",
        "loginName": "string",
        "displayName": "string",
        "organizationId": "string"
      },
      "password": {
        "verifiedAt": "2023-01-15T01:30:15.01Z"
      },
      "webAuthN": {
        "verifiedAt": "2023-01-15T01:30:15.01Z",
        "userVerified": true
      },
      "intent": {
        "verifiedAt": "2023-01-15T01:30:15.01Z"
      },
      "totp": {
        "verifiedAt": "2023-01-15T01:30:15.01Z"
      },
      "otpSms": {
        "verifiedAt": "2023-01-15T01:30:15.01Z"
      },
      "otpEmail": {
        "verifiedAt": "2023-01-15T01:30:15.01Z"
      },
      "recoveryCode": {
        "verifiedAt": "2023-01-15T01:30:15.01Z"
      }
    },
    "metadata": {
      "property1": "string",
      "property2": "string"
    },
    "userAgent": {
      "fingerprintId": "string",
      "ip": "string",
      "description": "string",
      "header": {
        "property1": {
          "values": [
            "string"
          ]
        },
        "property2": {
          "values": [
            "string"
          ]
        }
      }
    },
    "expirationDate": "2023-01-15T01:30:15.01Z"
  }
}

Was this page helpful?

DeleteSession

DeleteSession: Terminate an existing session. This invalidates the session and its token. The session can no longer be used for the authentication of other resources or to authenticate against the Zitadel APIs. Y...

List sessions

List sessions: Searches for sessions matching the given query. You can search by session ID, user ID, creation date, creator, user agent or expiration date. Required permissions: