Skip to main content
POST
/
sessions
/
validate
Validate session
curl --request POST \
  --url https://api.authsignal.com/v1/sessions/validate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "accessToken": "eyJhbGciOiJ...",
  "clientIds": [
    "64818035-68c3-4087-a449-bdd176a166c4"
  ]
}
'
{
  "user": {},
  "expiresAt": 123
}

Authorizations

Authorization
string
header
required

Use your Authsignal Server API secret key as the username and leave the password empty. The secret key can be found in the API Keys section of the Authsignal Portal settings page.

Body

application/json
accessToken
string
required

The access token to be validated.

clientIds
string[]

A list of IDs of the app clients for which the access token is valid. If provided, the access token must be issued for one of these clients.

Response

OK

user
object
required

A JSON object containing user claims.

expiresAt
number
required

The token expiry as a Unix timestamp in seconds.

verificationMethod
enum<string>

The verification method which was used to create the session.

Available options:
SMS,
AUTHENTICATOR_APP,
EMAIL_MAGIC_LINK,
EMAIL_OTP,
PUSH,
DEVICE,
SECURITY_KEY,
PASSKEY,
VERIFF,
IPROOV,
PALM_BIOMETRICS_RR,
IDVERSE