Revoke Session

Revoke an active session

DELETE /api/v1/sessions/:id

Revokes an active session by its session_id. Once revoked, the session cannot be reactivated. The user's JWT remains valid until it expires — this endpoint marks the session as revoked in Clowk's records.

Request

curl -X DELETE \
  https://myapp.clowk.dev/api/v1/sessions/clk_session_a1b2c3d4-e5f6-7890-abcd-ef1234567890 \
  -H "X-Clowk-Secret-Key: sk_live_..."

Headers

HeaderRequiredDescription
X-Clowk-Secret-KeyYesYour instance secret key

Path parameters

ParameterTypeDescription
idstringThe session_id value (format: clk_session_UUID)

Response

200 — Revoked

{
  "revoked": true,
  "session_id": "clk_session_a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

401 — Unauthorized

{ "error": "Unauthorized" }

404 — Not found

{ "error": "Session not found" }

422 — Already revoked

{ "error": "Session already revoked" }

SDK usage

# Ruby
client.sessions.revoke("clk_session_a1b2c3d4-...")
# or equivalently:
client.sessions.destroy("clk_session_a1b2c3d4-...")
// JavaScript
await client.sessions.revoke('clk_session_a1b2c3d4-...')
// or equivalently:
await client.sessions.destroy('clk_session_a1b2c3d4-...')

Instance-level session limits

You can configure max_concurrent_sessions on an instance to automatically revoke older sessions when a new one is created:

  • null — unlimited concurrent sessions (default)
  • 1 — single active session per user; the oldest is revoked when a new sign-in occurs
  • n — up to n concurrent sessions per user

Search Sessions

Search sessions using field operators with wildcards, negation, and date comparisons

Search Operators

Reference for all query operators supported across Clowk search endpoints

On this page

DELETE /api/v1/sessions/:id
Request
Headers
Path parameters
Response
200 — Revoked
401 — Unauthorized
404 — Not found
422 — Already revoked
SDK usage
Instance-level session limits