User Sessions

The User Sessions API provides operations to manage User sessions in your org.

End a current User session

Ends Okta sessions for the currently signed-in User. By default, the current session remains active. Use this method in a browser-based app.

Note: This operation requires a session cookie for the User. The API token isn't allowed for this operation.

Request
Request Body schema: application/json
keepCurrent
boolean
Default: true

Skip deleting the user's current session when set to true

Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/users/me/lifecycle/delete_sessions
Request samples
application/json
{
  "keepCurrent": true
}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}

Revoke all User sessions
CORS
OAuth 2.0: okta.users.manage

Revokes all active Identity Provider sessions of the User. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the User.

Note: This operation doesn't clear the sessions created for web or native apps.

Request
path Parameters
userId
required
string

ID of an existing Okta user

Example: 00ub0oNGTSWTBKOLGLNR
query Parameters
oauthTokens
boolean
Default: false

Revoke issued OpenID Connect and OAuth refresh and access tokens

Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/users/{userId}/sessions
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
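
The revoke operation above as it might be scripted for account containment; this is an added example, not part of Okta's documentation. It sets oauthTokens=true so issued refresh and access tokens are revoked along with the IdP sessions, and maps the documented 204/403/404/429 responses to outcomes. The org URL, the Bearer access token carrying okta.users.manage, the backoff policy and all function names are assumptions.

```python
import time
import urllib.error
import urllib.parse
import urllib.request

ORG_URL = "https://example.okta.com"  # placeholder org URL (assumption)

def build_revoke_request(org_url, user_id, access_token, oauth_tokens=True):
    """Build DELETE /api/v1/users/{userId}/sessions?oauthTokens=<bool>."""
    # Percent-encode the ID so a crafted value cannot change the request path.
    path = "/api/v1/users/%s/sessions" % urllib.parse.quote(user_id, safe="")
    query = urllib.parse.urlencode({"oauthTokens": str(oauth_tokens).lower()})
    return urllib.request.Request(
        org_url.rstrip("/") + path + "?" + query,
        method="DELETE",
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"},
    )

def http_send(req):
    """Default transport: return the HTTP status code of the response."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

# Status codes listed for this operation, mapped to caller-facing outcomes.
OUTCOMES = {204: "revoked", 403: "forbidden", 404: "not_found"}

def revoke_all_sessions(user_id, access_token, send=http_send,
                        org_url=ORG_URL, retries=3, backoff=1.0,
                        sleep=time.sleep):
    """Revoke IdP sessions and OAuth/OIDC tokens; retry only on 429."""
    req = build_revoke_request(org_url, user_id, access_token, oauth_tokens=True)
    for attempt in range(retries + 1):
        status = send(req)
        if status != 429:
            return OUTCOMES.get(status, "unexpected_%d" % status)
        if attempt < retries:
            sleep(backoff * (2 ** attempt))  # assumed exponential backoff
    return "rate_limited"
```

A "revoked" result covers the IdP sessions and the issued tokens only; per the note above, sessions created for web or native apps are not cleared by this call.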