/admin/sessions/bulkAdministrator batch revokes sessions by a list of session IDs, up to 100, synchronous, returns success/failure statistics. References: RFC 7519 (JWT), NIST SP 800-63B §4 (Session Management).
Accepts an empty JSON object {}
| Status | Description | Schema |
|---|---|---|
| 200 | Batch revoke result statistics | dto.BatchRevokeResponse |
| 400 | Invalid request parameters (session_ids empty or exceeds 100) | dto.Problem |
| 401 | Unauthenticated or token expired | dto.Problem |
| 403 | No administrator permission | dto.Problem |
| 404 | Tenant not found | dto.Problem |
| 500 | Internal server error | dto.Problem |
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
failed |
array of string |
No | ['sess_xyz789'] |
||
succeeded |
array of string |
No | ['sess_abc123', 'sess_def456'] |
||
total |
integer |
No | 3 |
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
code |
string |
No | Code is an error code (optional). Used by programs to identify error types, e.g., "required", "format", "range" | ||
description |
string |
No | Description is a human-readable error description. Should explain which rule was violated, e.g., "Must be a valid email address" | ||
field |
string |
No | Field is the path to the error field. Uses dot notation for nested fields, e.g., "user.email" or "addresses[0].city" | ||
value |
object |
No | Value is the value that caused the error (optional, used in development mode). May not be returned in production to avoid leaking sensitive information |
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
code |
integer |
No | Code is a business error code. Used by programs to handle specific error scenarios. Example: 30101001 | ||
detail |
string |
No | Detail is a human-readable explanation for this specific error instance. May include specific error details, e.g., "Field 'email' is required" | ||
errors |
array of |
No | Errors is a list of field-level validation errors (extension field). Follows Web API standard practices, each error contains field name and error message | ||
i18n_args |
object |
No | I18nArgs are internationalization parameters. Used to dynamically fill translation templates | ||
i18n_key |
string |
No | I18nKey is an internationalization key. Used for client-side localization of error messages. Example: "error.user_not_found" | ||
instance |
string |
No | Instance is a specific URI reference where the problem occurred. Usually the request URL, may include query parameters. Example: "/api/v1/users?limit=invalid" | ||
request_id |
string |
No | RequestID is a unique request identifier. Used for log correlation and issue tracking. Example: "req_550e8400-e29b-41d4-a716-446655440000" | ||
retry_after |
integer |
No | RetryAfter is used for 429 Too Many Requests responses. Indicates how many seconds the client should wait before retrying (RFC 6585) | ||
service |
string |
No | Service is the service name. Used in microservice architecture to locate the error source. Example: "auth-service" | ||
span_id |
string |
No | SpanID is the current span identifier. Used to precisely locate the current node in a distributed trace | ||
status |
integer |
No | Status is the HTTP status code generated. Used by clients to distinguish problem types, does not change with Accept-Language. Example: 400, 401, 403, 404, 500 | ||
timestamp |
string |
No | Timestamp is the error occurrence time. ISO 8601 format. Example: "2026-04-03T12:00:00Z" | ||
title |
string |
No | Title is a short, human-readable summary of the problem type. The same Type should always have the same Title (does not change per instance). Example: "Invalid Request Parameters" | ||
trace_id |
string |
No | TraceID is a distributed tracing identifier. Follows W3C Trace Context standard. Example: "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01" | ||
type |
string |
No | Type is a URI reference that identifies the problem type. When dereferenced, it should provide human-readable documentation. Example: "https://api.example.com/errors/invalid-request" |