Revoke a session using a one-time token from a new-device alert email
POST
/v1/auth/revoke-session
const url = 'https://example.com/v1/auth/revoke-session?token=example';
const options = { method: 'POST' };

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url 'https://example.com/v1/auth/revoke-session?token=example'

Unauthenticated endpoint. Accepts a one-time revocation token delivered via the new-device login alert email. Validates the token, revokes the referenced session, and marks the token as used. Rate-limited to prevent brute-force guessing.
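The validate, revoke, mark-used and rate-limit steps described above, as an added server-side sketch that is not the service's own code. The in-memory stores, function names, status strings, hash-at-rest storage and the 5-per-minute limit are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical in-memory stores standing in for the service's database.
const tokens = new Map();   // sha256(token) -> { sessionId, expiresAt, used }
const sessions = new Map(); // sessionId -> { revoked }
const attempts = new Map(); // clientKey -> { windowStart, count }

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Called when the alert email is sent. Only the hash is stored, so a database
// leak does not yield usable links; the plaintext exists only in the email.
function issueRevocationToken(sessionId, ttlMs, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('base64url'); // 256 bits of entropy
  tokens.set(sha256(token), { sessionId, expiresAt: now + ttlMs, used: false });
  return token;
}

// Fixed-window limiter (assumed policy: 5 attempts per minute per client key).
function allowAttempt(clientKey, now, limit = 5, windowMs = 60_000) {
  const a = attempts.get(clientKey);
  if (!a || now - a.windowStart >= windowMs) {
    attempts.set(clientKey, { windowStart: now, count: 1 });
    return true;
  }
  return ++a.count <= limit;
}

// One response for invalid, expired and used tokens, so the reply does not
// reveal which check failed. "not_found" is the page's sample error code.
const REJECT = { status: 'rejected', body: { code: 'not_found', message: 'Token is invalid, expired, or already used.' } };

function revokeSession(token, clientKey, now = Date.now()) {
  if (!allowAttempt(clientKey, now)) return { status: 'rate_limited' };
  if (typeof token !== 'string' || token.length === 0 || token.length > 128) return REJECT;
  const rec = tokens.get(sha256(token)); // lookup by hash, never by plaintext
  if (!rec || rec.used || now >= rec.expiresAt) return REJECT;
  rec.used = true; // consume the token first so a replayed link fails
  const session = sessions.get(rec.sessionId);
  if (session) session.revoked = true;
  return { status: 'revoked', body: { message: 'Session revoked successfully.' } };
}
```

In a real datastore the used-flag update has to be a single atomic conditional write so that two concurrent requests cannot both consume the same token.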
Parameters
Query Parameters
token
required
string
The plaintext revocation token from the email link.
Responses
Session revoked successfully.
Media type application/json
object
message
required
string
Example generated
{ "message": "example" }
Token is invalid, expired, or already used.
Media type application/json
object
code
required
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
string
message
required
Human-readable description of the error.
string
details
Optional additional context about the error.
object
key
additional properties
any
notices
Policy notices from determining Cedar rules, if applicable.
Array<string>
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}