The Auth0 Management API session management endpoints are available to customers on Enterprise plans. To learn more, read Pricing.
Management API endpoints
The Management API provides out-of-band access to the internals of user sessions in the Auth0 Session Layer, and deletion methods to force session termination.Session resource
You can view or delete a specific session with the following endpoints:| Name | URL | Required scope(s) |
|---|---|---|
| Introspect a specific session by ID | GET /api/v2/sessions/ | read:sessions |
| Delete a specific session by ID | DELETE /api/v2/sessions/ | delete:sessions |
User resource
You can list or delete all sessions for a given user with the following endpoints:| Name | URL | Required scope(s) |
|---|---|---|
| List sessions details of a user | GET /api/v2/users//sessions | read:sessions |
| Delete all user sessions | DELETE /api/v2/users//sessions | delete:sessions |
Session properties
The session endpoints return relevant information about the session and its history.| Field | Description |
|---|---|
| Session ID | The session ID is a persistent identifier of the session in the Auth0 tenant. Note that the session ID corresponds to the sid claim already in ID Tokens and Logout Tokens and can be used to cross-reference these entities. |
| Relevant Time | Session creation, authentication time, and expiry information. |
| Device Information | The device property traces details related to the user agent (for example, browser) used in the interactions with this Auth0 session. |
| Authentication Information | Contains summary information about the methods used to authenticate in this session. |
OIDC Back-Channel Logout Initiators
Session deletion events are connected to OIDC Back-Channel Logout through thesession-deleted initiator. To learn more, read OIDC Back-Channel Logout Initiators.