bitcain docs
API Reference

Sessions

Session security - fingerprinting, hijacking detection, concurrent limits

Generate Fingerprint

POST
/api/v1/sessions/fingerprint

Request Body

application/json

user_agent (string, required)

Browser user agent string

ip_address (string, required)

Client IP address

accept_language (optional)

Accept-Language header

screen_resolution (optional)

Screen resolution (e.g., '1920x1080')

timezone (optional)

Client timezone (e.g., 'America/New_York')

Response Body

application/json

curl -X POST "https://loading/api/v1/sessions/fingerprint" \
  -H "Content-Type: application/json" \
  -d '{
    "user_agent": "string",
    "ip_address": "string"
  }'

{}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string",
      "input": null,
      "ctx": {}
    }
  ]
}

Create Session

POST
/api/v1/sessions/create

Authorization

HTTPBearer
Authorization: Bearer <token>

In: header

Request Body

application/json

ip_address (string, required)

Client IP address

user_agent (string, required)

Browser user agent

device_fingerprint (optional)

Pre-computed device fingerprint

geo_country (optional)

Geolocation country code

geo_city (optional)

Geolocation city

idle_timeout_minutes (integer, optional)

Idle timeout (5-1440 minutes)

Default: 60
Range: 5 <= value <= 1440

Response Body

application/json

curl -X POST "https://loading/api/v1/sessions/create" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "ip_address": "string",
    "user_agent": "string"
  }'

{
  "success": true,
  "session_id": "string",
  "fingerprint": "string",
  "expires_at": "2019-08-24T14:15:22Z",
  "error": "string"
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string",
      "input": null,
      "ctx": {}
    }
  ]
}

Validate Session

POST
/api/v1/sessions/validate

Authorization

HTTPBearer
Authorization: Bearer <token>

In: header

Request Body

application/json

session_id (string, required)

Session UUID to validate

current_ip (string, required)

Current client IP

current_user_agent (string, required)

Current user agent

current_fingerprint (optional)

Current device fingerprint

Response Body

application/json

curl -X POST "https://loading/api/v1/sessions/validate" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "string",
    "current_ip": "string",
    "current_user_agent": "string"
  }'

{
  "is_valid": true,
  "error_message": "string",
  "session_id": "string",
  "is_suspicious": false,
  "risk_score": 0
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string",
      "input": null,
      "ctx": {}
    }
  ]
}
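
An added example, not part of the bitcain documentation: one way a caller might act on the Validate Session response while failing closed on missing or mistyped fields. The RISK_THRESHOLD value, the action names and the choice to revoke suspicious sessions are assumptions; the page does not document the risk_score scale.

```python
# Added example: fail-closed handling of a /api/v1/sessions/validate response.
# Field names come from the response body documented above; the threshold and
# the action names are assumptions made for this example.
from urllib.parse import quote

RISK_THRESHOLD = 50  # hypothetical: the risk_score scale is not documented


def decide(resp, threshold=RISK_THRESHOLD):
    """Map a validate response to 'allow', 'reauthenticate' or 'revoke'."""
    if not isinstance(resp, dict):
        return "reauthenticate"
    # Strict identity check: "true", 1 or a missing key must never read as valid.
    if resp.get("is_valid") is not True:
        return "reauthenticate"
    suspicious = resp.get("is_suspicious")
    score = resp.get("risk_score")
    # bool is a subclass of int in Python, so reject it explicitly for the score.
    if not isinstance(suspicious, bool) or isinstance(score, bool) \
            or not isinstance(score, (int, float)):
        return "reauthenticate"
    if suspicious or score >= threshold:
        return "revoke"
    return "allow"


def revoke_request(session_id, reason):
    """Build method, path and JSON body for DELETE /api/v1/sessions/{session_id}."""
    if not session_id:
        raise ValueError("session_id is required")
    # The reference limits 'reason' to 255 characters, so truncate before sending.
    path = "/api/v1/sessions/" + quote(session_id, safe="")
    return "DELETE", path, {"reason": reason[:255]}


if __name__ == "__main__":
    # Constructed sample responses shaped like the documented response body.
    samples = [
        {"is_valid": True, "is_suspicious": False, "risk_score": 0},
        {"is_valid": True, "is_suspicious": True, "risk_score": 10},
        {"is_valid": False, "error_message": "string"},
        {"is_valid": "true", "is_suspicious": False, "risk_score": 0},
    ]
    for s in samples:
        print(decide(s), s)
    print(revoke_request("constructed-session-id", "Suspicious activity"))
```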

Get Active Sessions

GET
/api/v1/sessions/active

Authorization

HTTPBearer
Authorization: Bearer <token>

In: header

Response Body

application/json

curl -X GET "https://loading/api/v1/sessions/active" \
  -H "Authorization: Bearer <token>"

{
  "sessions": [
    {
      "session_id": "string",
      "status": "string",
      "ip_address": "string",
      "user_agent": "string",
      "geo_country": "string",
      "geo_city": "string",
      "created_at": "2019-08-24T14:15:22Z",
      "last_activity_at": "2019-08-24T14:15:22Z",
      "is_current": false
    }
  ],
  "total_count": 0,
  "max_concurrent": 5
}

Secure Logout

POST
/api/v1/sessions/logout

Authorization

HTTPBearer
Authorization: Bearer <token>

In: header

Request Body

application/json

session_id (string, required)

Current session UUID

revoke_all (boolean, optional)

Revoke all sessions for user

Default: false

Response Body

application/json

curl -X POST "https://loading/api/v1/sessions/logout" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "string"
  }'

{
  "success": true,
  "revoked_sessions": 0,
  "revoke_all": true,
  "error": "string"
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string",
      "input": null,
      "ctx": {}
    }
  ]
}

Revoke Session

DELETE
/api/v1/sessions/{session_id}

Authorization

HTTPBearer
Authorization: Bearer <token>

In: header

Path Parameters

session_id (string, required)

Request Body

application/json

reason (string, optional)

Revocation reason

Default: "User revoked"
Length: length <= 255

Response Body

application/json

curl -X DELETE "https://loading/api/v1/sessions/string" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{}'

{
  "property1": true,
  "property2": true
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string",
      "input": null,
      "ctx": {}
    }
  ]
}

Cleanup Expired Sessions

POST
/api/v1/sessions/cleanup

Authorization

HTTPBearer
Authorization: Bearer <token>

In: header

Response Body

application/json

curl -X POST "https://loading/api/v1/sessions/cleanup" \
  -H "Authorization: Bearer <token>"

{
  "property1": 0,
  "property2": 0
}