> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate Session

> Validate a session for a given access token. This will ensure both that the token signature is valid and that the token has not been revoked.



## OpenAPI

````yaml server-api POST /sessions/validate
openapi: 3.0.0
info:
  description: Authsignal's Server API.
  version: 1.0.0
  title: Server API
  termsOfService: https://www.authsignal.com/legal/terms-of-service
  contact:
    email: hello@authsignal.com
servers:
  - url: https://api.authsignal.com/v1
  - url: https://au.api.authsignal.com/v1
  - url: https://eu.api.authsignal.com/v1
  - url: https://ca.api.authsignal.com/v1
security:
  - basicAuth: []
tags:
  - name: users
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenge
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: authenticator configurations
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: actions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: query
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: email
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sms
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: verify
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenges
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sessions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: devices
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
externalDocs:
  description: Find out more about Authsignal
  url: https://docs.authsignal.com
paths:
  /sessions/validate:
    post:
      tags:
        - sessions
      summary: Validate session
      description: >-
        Validate a session for a given access token. This will ensure both that
        the token signature is valid and that the token has not been revoked.
      operationId: validateSession
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                accessToken:
                  type: string
                  description: The access token to be validated.
                clientIds:
                  type: array
                  items:
                    type: string
                  description: >-
                    A list of IDs of the app clients for which the access token
                    is valid. If provided, the access token must be issued for
                    one of these clients.
              required:
                - accessToken
            example:
              accessToken: eyJhbGciOiJ...
              clientIds:
                - 64818035-68c3-4087-a449-bdd176a166c4
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  user:
                    type: object
                    description: A JSON object containing user claims.
                  expiresAt:
                    type: number
                    description: The token expiry as a Unix timestamp in seconds.
                  verificationMethod:
                    $ref: '#/components/schemas/VerificationMethod'
                    description: >-
                      The verification method which was used to create the
                      session.
                required:
                  - user
                  - expiresAt
        '400':
          $ref: '#/components/responses/InvalidRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    VerificationMethod:
      type: string
      enum:
        - SMS
        - AUTHENTICATOR_APP
        - EMAIL_MAGIC_LINK
        - EMAIL_OTP
        - PUSH
        - DEVICE
        - SECURITY_KEY
        - PASSKEY
        - VERIFF
        - IPROOV
        - PALM_BIOMETRICS_RR
        - IDVERSE
    Error:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
      required:
        - error
  responses:
    InvalidRequest:
      description: Invalid Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
      description: >-
        Use your Authsignal Server API secret key as the username and leave the
        password empty. The secret key can be found in the API Keys section of
        the Authsignal Portal settings page.

````