Auth Sessions API
Manage active authentication sessions.
Base URL: https://api.bluenexus.ai/api/v1/auth-sessions
GET /auth-sessions
List active sessions for the authenticated account.
Auth: Bearer token
GET /auth-sessions/:id
Get a specific session.
DELETE /auth-sessions/:id/revoke
Revoke a session. Invalidates all tokens associated with it.
DELETE /auth-sessions/:id
Delete a session.
PATCH /auth-sessions/:id/provider-permissions
Update provider permissions for a session.
{
"providerPermissions": {
"google": "read-write",
"slack": "read",
"github": "disabled"
}
}
Provider permission values: "read", "read-write", "disabled"
Session Object Fields
Auth session objects include the following access-restriction fields:
| Field | Type | Description |
|---|---|---|
allowedAgentIds |
string[] | null |
Agent IDs the session may access. null = unrestricted |
allowedKnowledgeBaseIds |
string[] | null |
Knowledge base IDs the session may access. null = unrestricted |
These are set at session creation (via agent_ids / knowledge_base_ids on the authorize URL or PAT body) and cannot be changed after the session is created. They carry through token refreshes.