Reset Sessions
Invalidates all open JWT sessions for a specified user, forcing them to re-authenticate on their next request.
Endpoint
POST /v2/users/reset/{id}
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | The User ID whose sessions should be invalidated |
This endpoint is particularly useful for security incidents — for example, if a user's credentials are suspected to be compromised, calling this endpoint immediately revokes all active bearer tokens without requiring an API key rotation.
Response
Returns a boolean indicating whether the session reset was successful.
{
"success": true,
"data": true
}
Code Examples
- cURL
- C#
- Java
- Node.js
- Python
curl -X POST "https://rest.ecgrid.io/v2/users/reset/$ID" \
-H "X-API-Key: $ECGRID_API_KEY"
// .NET 10 — Invalidate all JWT sessions for a user using IHttpClientFactory
// Use this during security incidents to force re-authentication
public async Task<bool> ResetSessionsAsync(IHttpClientFactory httpClientFactory, int userId)
{
var http = httpClientFactory.CreateClient("ECGridRest");
// POST with no body — the user ID is in the path
var response = await http.PostAsync(
$"https://rest.ecgrid.io/v2/users/reset/{userId}",
content: null);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ApiResponse<bool>>();
return result?.Data ?? false;
}
import java.net.URI;
import java.net.http.*;
String apiKey = System.getenv("ECGRID_API_KEY");
String id = "0"; // replace with actual id
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(String.format("https://rest.ecgrid.io/v2/users/reset/%s", id)))
.header("X-API-Key", apiKey)
.GET()
.build();
HttpClient client = HttpClient.newHttpClient();
HttpResponse<String> response = client.send(
request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
const apiKey = process.env.ECGRID_API_KEY;
const url = `https://rest.ecgrid.io/v2/users/reset/${id}`;
const response = await fetch(url, {
method: 'POST',
headers: { 'X-API-Key': apiKey },
});
const data = await response.json();
console.log(data);
import os, requests
api_key = os.environ["ECGRID_API_KEY"]
headers = {"X-API-Key": api_key}
id = 0 # replace with actual id
url = f"https://rest.ecgrid.io/v2/users/reset/{id}"
response = requests.post(url, headers=headers)
response.raise_for_status()
print(response.json())
See Also
- Generate API Key — rotate the user's API key in addition to revoking sessions
- Terminate User — permanently disable the account if the security concern is severe
- Authentication — details on JWT session lifecycle