Session management examples

Below are examples of ways to use session management

Remember me for 30 days after login

Create a session that expires 30 days (43200 minutes) after initial login.

curl --request POST \
  --url https://test.stytch.com/v1/magic_links/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=",
    "session_duration_minutes": 43200
  }'

curl --request POST \
  --url https://test.stytch.com/sessions/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q"
  }'

Remember me for 30 days since you last saw me

Everytime a session is authenticated, extend it for another 30 days (43200 minutes). This means that if the session continues to be successfully authenticated at least once every 30 days the user will remain logged in indefinitely, unless the session is explicitly revoked.

curl --request POST \
  --url https://test.stytch.com/v1/magic_links/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=",
    "session_duration_minutes": 43200
  }'

curl --request POST \
  --url https://test.stytch.com/sessions/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "session_duration_minutes": 43200
  }'

Log out a user

Log the user out of a given session

curl --request POST \
  --url https://test.stytch.com/v1/sessions/revoke \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509"
  }'

Log a user out of all sessions

Get all sessions for a given user's ID and individually revoke each of them.

curl --request GET \
  --url https://test.stytch.com/v1/sessions?user_id=user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6 \
  -u 'PROJECT_ID:SECRET'

curl --request POST \
  --url https://test.stytch.com/v1/sessions/revoke \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509"
  }'

Multiple Authentication Factors

Create a single session from multiple authentication factors.

# Create a new session using the first factor
curl --request POST \
  --url https://test.stytch.com/v1/magic_links/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=",
    "session_duration_minutes": 43200
  }'

# Use the session token to attach the second factor
curl --request POST \
  --url https://test.stytch.com/v1/otps/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "method_id": "phone-number-test-d5a3b680-e8a3-40c0-b815-ab79986666d0",
    "code": "123456",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q"
  }'