Skip to main content
POST
/
sessions
/
by-slug
/
:slug
/
policy
Update Session Policy
curl --request POST \
  --url https://api.example.com/sessions/by-slug/:slug/policy \
  --header 'Content-Type: application/json' \
  --data '
{
  "public": true,
  "maxConcurrentViewers": 123,
  "blockPaths": [
    "<string>"
  ],
  "password": "<string>"
}
'
{
  "ok": true,
  "policy": {
    "public": true,
    "maxConcurrentViewers": 123,
    "blockPaths": [
      "<string>"
    ],
    "password": "<string>"
  }
}
Update the access policy for a session, including visibility, viewer limits, blocked paths, and password protection.

Path Parameters

slug
string
required
The session slug (format: adjective-noun-number)

Request Body

All fields are optional. Only the fields provided will be updated.
public
boolean
Whether the session is publicly accessibleWhen set to false, the session becomes private and requires additional authentication.
maxConcurrentViewers
number
Maximum number of concurrent viewers allowed in the sessionDefault is 20. Set to a lower number to limit concurrent access.
blockPaths
string[]
Array of URL paths to block from being accessed by viewersExample: ["/admin", "/api/internal"]
password
string
Password required for viewers to access the sessionSet to an empty string to remove password protection.

Response

ok
boolean
required
Whether the update was successful
policy
object
required
The updated policy object
public
boolean
required
Whether the session is publicly accessible
maxConcurrentViewers
number
required
Maximum number of concurrent viewers allowed
blockPaths
string[]
required
Array of blocked URL paths
password
string
required
Viewer access password

Example Request

curl -X POST https://control.wormkey.io/sessions/by-slug/quiet-lime-42/policy \
  -H "Content-Type: application/json" \
  -d '{
    "public": false,
    "maxConcurrentViewers": 5,
    "blockPaths": ["/admin", "/api/internal"],
    "password": "secure123"
  }'

Example Response

{
  "ok": true,
  "policy": {
    "public": false,
    "maxConcurrentViewers": 5,
    "blockPaths": ["/admin", "/api/internal"],
    "password": "secure123"
  }
}

Partial Update Example

You can update individual fields without affecting others: 
curl -X POST https://control.wormkey.io/sessions/by-slug/quiet-lime-42/policy \
  -H "Content-Type: application/json" \
  -d '{
    "maxConcurrentViewers": 10
  }'

{
  "ok": true,
  "policy": {
    "public": true,
    "maxConcurrentViewers": 10,
    "blockPaths": [],
    "password": ""
  }
}

Error Response

Returns a 404 error if the session is not found: 
{
  "error": "Session not found"
}

Build docs developers (and LLMs) love

Get started for freeTalk to us