Get Active Sessions
Retrieve all active sessions for the authenticated user.
curl -X GET https://api.cryptoshop.com/api/sessions \
-H "Authorization: Bearer YOUR_TOKEN"
Response
Indicates if the request was successful
Array of session objects sorted by last active time (most recent first)
User ID associated with the session
Device name or identifier
IP address from which the session was created
Browser/client user agent string
Timestamp of last activity in this session
Whether the session is currently active
Session creation timestamp
{
"success": true,
"sessions": [
{
"_id": "648a1234567890abcdef1234",
"userId": "648a1234567890abcdef5678",
"device": "Chrome on Windows",
"ipAddress": "192.168.1.100",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...",
"lastActive": "2024-03-15T12:45:00.000Z",
"isActive": true,
"createdAt": "2024-03-15T09:30:00.000Z"
},
{
"_id": "648a1234567890abcdef5678",
"userId": "648a1234567890abcdef5678",
"device": "Safari on iPhone",
"ipAddress": "192.168.1.101",
"userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)...",
"lastActive": "2024-03-15T11:20:00.000Z",
"isActive": true,
"createdAt": "2024-03-14T18:15:00.000Z"
}
]
}
Delete Session
Terminate a specific session by its ID. Useful for logging out from a specific device.
curl -X DELETE https://api.cryptoshop.com/api/sessions/648a1234567890abcdef1234 \
-H "Authorization: Bearer YOUR_TOKEN"
Path Parameters
Response
Indicates if the request was successful
{
"success": true,
"message": "Session terminated successfully"
}
Error Responses
{
"success": false,
"error": "Session not found"
}
You can only delete your own sessions. Attempting to delete another user’s session will return a 403 Forbidden error.
Use this endpoint to implement a “Sign out from all devices” feature by deleting all sessions except the current one.