DeleteSession

Terminate an existing session. This invalidates the session and its token. The session can no longer be used for the authentication of other resources or to authenticate against the Zitadel APIs.

You can only terminate your own session, unless you are granted the session.delete permission.

Required permissions:

session.delete
no permission required for own sessions or when providing the current session token

Path Parameters

session_id*string

The unique identifier of the session to be terminated.

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

sessionToken?|

The current token of the session, previously returned on the create / update request. The token is required unless either of the following conditions is met:

the caller created the session
the authenticated user requests their own session (checked user)
the security token provided in the authorization header has the same user agent as the session
the caller is granted the permission session.delete permission on either the instance or on the checked user's organization

Response Body

`application/json`

curl -X DELETE "https://loading/v2/sessions/string" \  -H "Content-Type: application/json" \  -d '{}'

{
  "details": {
    "sequence": 0,
    "changeDate": "2023-01-15T01:30:15.01Z",
    "resourceOwner": "string",
    "creationDate": "2023-01-15T01:30:15.01Z"
  }
}

Path Parameters

Request Body

Response Body

200application/json

`application/json`