Get Sessions Config
GET
/web/v1/system/security/sessions/config JWTRetrieves the authenticated user's session configuration including SSO status, maximum concurrent sessions, and last login information.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
| X-SC-Session-Id | Secure channel session ID |
Request Parameters
No request parameters required.
Request Example
No request body required.
Success Response
Success 200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"accountBizId": "ACC_SYS_001",
"ssoEnabled": false,
"maxSessions": 3,
"passwordChangedAt": "2026-03-20T08:15:00Z",
"lastLoginAt": "2026-03-23T12:00:00Z",
"lastLoginIp": "192.168.***"
}
}| Field | Type | Description |
|---|---|---|
accountBizId | string | Account business ID |
ssoEnabled | boolean | Whether SSO is enabled |
maxSessions | integer | Maximum concurrent sessions allowed (1-5) |
passwordChangedAt | string (ISO 8601) or null | Last password change timestamp |
lastLoginAt | string (ISO 8601) or null | Last login timestamp |
lastLoginIp | string or null | Last login IP address (masked for privacy, e.g. "192.168.***") |
Error Responses
Unauthorized 401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Notes
lastLoginIpis masked for privacy (e.g."192.168.***").- MFA status is not included here — use List MFA Methods instead.
- IP whitelist status is not included here — use Get IP Whitelist instead.