Skip to main content
POST
/
sessions
/
validate
Validate a session
curl --request POST \
  --url https://{tenant_id}.hanko.io/sessions/validate \
  --header 'Content-Type: application/json' \
  --data '
{
  "session_token": "<string>"
}
'
{
  "is_valid": true,
  "expiration_time": "2023-11-07T05:31:56Z",
  "user_id": "<string>",
  "claims": {
    "subject": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "expiration": "2023-11-07T05:31:56Z",
    "session_id": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "issued_at": "2023-11-07T05:31:56Z",
    "audience": [
      "<string>"
    ],
    "issuer": "<string>",
    "email": {
      "address": "jsmith@example.com",
      "is_primary": true,
      "is_verified": true
    },
    "amr": [
      "pwd"
    ]
  },
  "idle_expires_at": "2023-11-07T05:31:56Z"
}

Documentation Index

Fetch the complete documentation index at: https://docs.hanko.io/llms.txt

Use this file to discover all available pages before exploring further.

Body

application/json
session_token
string<JWT>
required

The session token (JWT) to validate

Response

Session validation response

is_valid
boolean

Indicates whether the session is valid or not

expiration_time
string<date-time>
deprecated

Date-time indicating the expiration of the session. Deprecated, please use claims.expiration instead.

user_id
string<uuid4>
deprecated

The ID of the user the session is associated with. Deprecated, please use claims.subject instead.

claims
object

The claims extracted from a JWT.

idle_expires_at
string<date-time>

Timestamp (in UTC) indicating when the session will expire due to inactivity, assuming no further activity occurs before this time. Only present when idle timeout is configured. The value is capped to the JWT expiration time.