Skip to main content
Auth0 uses sessions to maintain the authentication state of a user across requests.
The Auth0 Management API session management endpoints are available to customers on Enterprise plans. To learn more, read Pricing.

Management API endpoints

The Management API provides out-of-band access to the internals of user sessions in the Auth0 Session Layer, and deletion methods to force session termination.

Session resource

You can view or delete a specific session with the following endpoints:

User resource

You can list or delete all sessions for a given user with the following endpoints:

Session properties

The session endpoints return relevant information about the session and its history. For detailed information about these fields, refer to the Management API documentation.

OIDC Back-Channel Logout Initiators

Session deletion events are connected to OIDC Back-Channel Logout through the session-deleted initiator. To learn more, read OIDC Back-Channel Logout Initiators.

Sessions and refresh tokens

Sessions and collaborate to reduce the friction of user authentication while optimizing security. To learn more, read Best Practices for Application Session Management on Auth0 Blog. Refresh tokens can remain active after a session has expired or been deleted, or after the user logs out. You can use the to manage refresh tokens independently or in collaboration with sessions.

Limitations

Delete session operations run asynchronously, and are eventually consistent.

Learn more