Invalidate user sessions

POST /api/security/session/_invalidate
Api key auth Basic auth

Invalidate user sessions that match a query. To use this API, you must be a superuser.

Headers

  • kbn-xsrf string Required

    A required header to protect against CSRF attacks

application/json

Body

  • match string Required

    The method Kibana uses to determine which sessions to invalidate. If it is all, all existing sessions will be invalidated. If it is query, only the sessions that match the query will be invalidated.

    Values are all or query.

  • query object

    The query that Kibana uses to match the sessions to invalidate when the match parameter is set to query.

    Hide query attributes Show query attributes object
    • provider object Required

      The authentication providers that will have their user sessions invalidated.

      Hide provider attributes Show provider attributes object
      • name string

        The authentication provider name.

      • type string Required

        The authentication provide type. For example: basic, token, saml, oidc, kerberos, or pki.

    • username string

      The username that will have its sessions invalidated.

Responses

  • 200 application/json

    Indicates a successful call

    Hide response attribute Show response attribute object
    • total integer

      The number of sessions that were successfully invalidated.
  • 403

    Indicates that the user may not be authorized to invalidate sessions for other users.

POST /api/security/session/_invalidate 
curl \
 --request POST 'https://localhost:5601/api/security/session/_invalidate' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --header "kbn-xsrf: true" \
 --data '"{\n  \"match\" : \"all\"\n}"'
Request examples
Run `POST api/security/session/_invalidate` to invalidate all existing sessions. 
{
  "match" : "all"
}
Run `POST api/security/session/_invalidate` to invalidate sessions that were created by any SAML authentication provider. 
{
  "match" : "query",
  "query": {
    "provider" : { "type": "saml" }
  }
}
Run `POST api/security/session/_invalidate` to invalidate sessions that were created by the SAML authentication provider named `saml1`. 
{
  "match" : "query",
  "query": {
    "provider" : { "type": "saml", "name": "saml1" }
  }
}
Run `POST api/security/session/_invalidate` to invalidate sessions that were created by any OpenID Connect authentication provider for the user with the username `user@my-oidc-sso.com`. 
{
  "match" : "query",
  "query": {
    "provider" : { "type": "oidc" },
    "username": "user@my-oidc-sso.com"
  }
}