Terminate Session

POST/web/v1/system/security/sessions/terminate JWT

Terminates a specific session for the authenticated user. Can be used to force-logout sessions on other devices. An audit log entry is created on successful termination.

Required Headers

Header	Example Value	Description
Content-Type	application/json	Request content type
Accept	application/json	Expected response type
X-Client-Hash		Client device fingerprint
Accept-Language	`en`, `zh`, `zh-Hant`, `ja`, `vi`	Response language (default: `en`)
Authorization	Bearer	JWT access token

Request Parameters

Name	Type	Required	In	Description
`request`	`SessionTerminateRequest`	Required	body	Raw request body (encrypted via SecureChannel, auto-decrypted by the server)
`sessionId`	`String`	Required	body	The session ID to terminate (must not be blank)

Request Example

json

{
  "sessionId": "sess-xxx"
}

Success Response

Success 200

{
  "version": "1.3.0",
  "timestamp": 1709337600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": null
}

Error Responses

Unauthorized 401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Notes

An audit log entry (SESSION_TERMINATED) is created when a session is successfully terminated.
The target session must belong to the authenticated user.
The terminated session is immediately invalidated — any requests using that session will be rejected.

Terminate Session ​

Required Headers ​

Request Parameters ​

Request Example ​

Success Response ​

Error Responses ​

Notes ​