Validate a session

curl --request GET \
  --url https://{tenant_id}.hanko.io/sessions/validate \
  --cookie hanko=

{
  "is_valid": true,
  "expiration_time": "2023-11-07T05:31:56Z",
  "user_id": "<string>",
  "claims": {
    "subject": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "expiration": "2023-11-07T05:31:56Z",
    "session_id": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "issued_at": "2023-11-07T05:31:56Z",
    "audience": [
      "<string>"
    ],
    "issuer": "<string>",
    "email": {
      "address": "[email protected]",
      "is_primary": true,
      "is_verified": true
    }
  }
}

GET

sessions

validate

Validate a session

curl --request GET \
  --url https://{tenant_id}.hanko.io/sessions/validate \
  --cookie hanko=

{
  "is_valid": true,
  "expiration_time": "2023-11-07T05:31:56Z",
  "user_id": "<string>",
  "claims": {
    "subject": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "expiration": "2023-11-07T05:31:56Z",
    "session_id": "c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c",
    "issued_at": "2023-11-07T05:31:56Z",
    "audience": [
      "<string>"
    ],
    "issuer": "<string>",
    "email": {
      "address": "[email protected]",
      "is_primary": true,
      "is_verified": true
    }
  }
}

Authorizations

hanko

string

required

Response

Session validation response

is_valid

boolean

Indicates whether the session is valid or not

expiration_time

string<date-time>

deprecated

Date-time indicating the expiration of the session. Deprecated, please use claims.expiration instead.

user_id

string<uuid4>

deprecated

The ID of the user the session is associated with. Deprecated, please use claims.subject instead.

claims

object

The claims extracted from a JWT.

Show child attributes

claims.subject

string<uuid4>

required

The unique identifier of the token's subject.

Example:

"c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c"

claims.expiration

string<date-time>

required

The timestamp indicating when the token will expire.

claims.session_id

string<uuid4>

required

The unique identifier for the session associated with this token.

Example:

"c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c"

claims.issued_at

string<date-time>

The timestamp indicating when the token was issued.

claims.audience

string[]

The intended audience of the token.

claims.issuer

string

The entity that issued the token.

claims.email

object

Data about the email address associated with the token's subject, if available.

Show child attributes

claims.email.address

string<email>

The actual email address.

claims.email.is_primary

boolean

Indicates whether the email address is the primary address.

claims.email.is_verified

boolean

Indicates whether the email address is verified.

SAML identity provider callback Validate a session

⌘I

Getting started

Guides

Using the Hanko API

Integrations

Resources

FAQ & support

Validate a session

Authorizations

Response