GET /api/my-account/sessions

Retrieve all non-expired sessions for the user, including session metadata and interaction details when available. A logto-verification-id header is required to read sensitive session details. Each entry carries an isCurrent boolean: true for the entry whose OIDC session backs the calling access token, false for the others. Use it to mark the "This device" entry in session-management UIs and to avoid revoking the caller's own session. At most one entry is true per response. No entry is tagged when the calling access token has no matching session uid, for example because the caller has already revoked its own session but the token has not yet expired, or because the token was issued from a grant that is not backed by a session.
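The following is an added example, not Logto's own code, showing how a session-management client would consume this endpoint: build the request with the bearer token and the logto-verification-id header, then split the 200 body into the caller's own session and the revocable rest while enforcing the "at most one isCurrent" invariant and surfacing the zero-current case. The tenant host, token and verification id are placeholders, and the sample body is constructed from the response schema on this page rather than captured from a live tenant.

```javascript
// Added example, not Logto's own code: consuming GET /api/my-account/sessions
// in a session-management UI. Tenant host, access token and verification id
// are caller-supplied placeholders; the sample response below is constructed
// from the schema on this page, not captured from a live tenant.

// Build the request as the page describes it: a bearer token plus the
// logto-verification-id header that gates sensitive session details.
function buildSessionsRequest(tenantHost, accessToken, verificationId) {
  const headers = { Authorization: `Bearer ${accessToken}` };
  if (verificationId) headers['logto-verification-id'] = verificationId;
  return {
    method: 'GET',
    url: `https://${tenantHost}/api/my-account/sessions`,
    headers,
  };
}

// Split a 200 body into the caller's own session and everything else.
// Enforces the documented invariant (at most one isCurrent: true) and
// surfaces the zero-current case instead of silently offering every
// session, including the caller's, for revocation.
function summarizeSessions(body) {
  if (!body || !Array.isArray(body.sessions)) {
    throw new TypeError('response body must contain a sessions array');
  }
  const current = body.sessions.filter((s) => s.isCurrent === true);
  if (current.length > 1) {
    // Contract violation: refuse to guess which entry backs the token.
    throw new Error(`expected at most one isCurrent session, got ${current.length}`);
  }
  // Newest sign-in first; loginTs is compared as an opaque number.
  const others = body.sessions
    .filter((s) => s.isCurrent !== true)
    .sort((a, b) => b.payload.loginTs - a.payload.loginTs);
  return {
    current: current[0] ?? null,
    others,
    // True when the token has no matching session uid: the caller already
    // revoked its own session, or the grant is not backed by a session.
    tokenNotSessionBacked: current.length === 0,
  };
}

// Rows for a device list: "This device" is derived only from isCurrent,
// never from clientId or timestamps. lastSubmission may be null.
function deviceListRows(summary) {
  const row = (s, label) => ({
    uid: s.payload.uid,
    label,
    clientId: s.clientId,
    loginTs: s.payload.loginTs,
    expiresAt: s.expiresAt,
    lastEvent: s.lastSubmission ? s.lastSubmission.interactionEvent : null,
  });
  const rows = summary.others.map((s) => row(s, 'Other device'));
  if (summary.current) rows.unshift(row(summary.current, 'This device'));
  return rows;
}

// Session uids safe to pass to a "sign out of other devices" action:
// the current session is excluded by construction.
function revocableUids(summary) {
  return summary.others.map((s) => s.payload.uid);
}

// Constructed sample body following the response schema on this page.
const SAMPLE_RESPONSE = {
  sessions: [
    {
      payload: { exp: 1700000000, iat: 1699900000, jti: 'jti-a', uid: 'uid-a',
                 kind: 'Session', loginTs: 1699900000, accountId: 'acct-1' },
      lastSubmission: null,
      clientId: 'mobile-app', accountId: 'acct-1', expiresAt: 1700000000, isCurrent: false,
    },
    {
      payload: { exp: 1700050000, iat: 1699950000, jti: 'jti-b', uid: 'uid-b',
                 kind: 'Session', loginTs: 1699950000, accountId: 'acct-1' },
      lastSubmission: { interactionEvent: 'SignIn', userId: 'acct-1', verificationRecords: [] },
      clientId: 'web-app', accountId: 'acct-1', expiresAt: 1700050000, isCurrent: true,
    },
  ],
};

const summary = summarizeSessions(SAMPLE_RESPONSE);
console.log(deviceListRows(summary));
console.log('revocable:', revocableUids(summary));
```

When tokenNotSessionBacked is true the UI should not present a "This device" row at all; offering every returned session for revocation is still correct, since none of them backs the caller's token.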

Responses

  • 200 application/json

    Returns the user's non-expired sessions. At most one entry has isCurrent: true per response.

    • sessions array[object] Required
      • payload object Required
        • exp number Required
        • iat number Required
        • jti string Required
        • uid string Required
        • kind string("Session") Required
        • loginTs number Required
        • accountId string Required
        • authorizations object
          • * object Additional properties
            • sid string
            • grantId string
            • persistsLogout boolean
      • lastSubmission object | null Required
        • interactionEvent string Required

          Values are SignIn, Register, or ForgotPassword.

        • userId string Required
        • verificationRecords array[object] Required
          One of:
        • signInContext object
          • * string Additional properties
      • clientId string | null Required
      • accountId string | null Required
      • expiresAt number Required
      • isCurrent boolean Required
  • 400

    Bad Request

  • 401

    Permission denied: the verification record is invalid, or the session lacks the scope required to access session details.

  • 403

    Forbidden

  • 500

    Internal Server Error

GET /api/my-account/sessions
curl \
 --request GET 'https://[tenant_id].logto.app/api/my-account/sessions' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "logto-verification-id: $VERIFICATION_ID"
Response examples (200)
{
  "sessions": [
    {
      "payload": {
        "exp": 42.0,
        "iat": 42.0,
        "jti": "string",
        "uid": "string",
        "kind": "Session",
        "loginTs": 42.0,
        "accountId": "string",
        "authorizations": {
          "additionalProperty1": {
            "sid": "string",
            "grantId": "string",
            "persistsLogout": true
          },
          "additionalProperty2": {
            "sid": "string",
            "grantId": "string",
            "persistsLogout": true
          }
        }
      },
      "lastSubmission": {
        "interactionEvent": "SignIn",
        "userId": "string",
        "verificationRecords": [
          {
            "id": "string",
            "type": "string",
            "identifier": {
              "type": "username",
              "value": "string"
            },
            "verified": true
          }
        ],
        "signInContext": {
          "additionalProperty1": "string",
          "additionalProperty2": "string"
        }
      },
      "clientId": "string",
      "accountId": "string",
      "expiresAt": 42.0,
      "isCurrent": true
    }
  ]
}