Skip to main content
GET
/
sessions
/
validate
Validate a session
curl --request GET \
  --url https://{tenant_id}.hanko.io/sessions/validate \
  --cookie hanko=
{
  "is_valid": true,
  "expiration_time": "2023-11-07T05:31:56Z",
  "user_id": "<string>",
  "claims": {
    "subject": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "expiration": "2023-11-07T05:31:56Z",
    "session_id": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "issued_at": "2023-11-07T05:31:56Z",
    "audience": [
      "<string>"
    ],
    "issuer": "<string>",
    "email": {
      "address": "jsmith@example.com",
      "is_primary": true,
      "is_verified": true
    },
    "amr": [
      "pwd"
    ]
  },
  "idle_expires_at": "2023-11-07T05:31:56Z"
}

Documentation Index

Fetch the complete documentation index at: https://docs.hanko.io/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

hanko
string
cookie
required

Response

Session validation response

is_valid
boolean

Indicates whether the session is valid or not

expiration_time
string<date-time>
deprecated

Date-time indicating the expiration of the session. Deprecated, please use claims.expiration instead.

user_id
string<uuid4>
deprecated

The ID of the user the session is associated with. Deprecated, please use claims.subject instead.

claims
object

The claims extracted from a JWT.

idle_expires_at
string<date-time>

Timestamp (in UTC) indicating when the session will expire due to inactivity, assuming no further activity occurs before this time. Only present when idle timeout is configured. The value is capped to the JWT expiration time.