Zitadel Preview Docs

Get my session state

Returns the current state of the current session including its factors and all currently satisfied assurance levels. `assurance_levels[]` may shrink over time as factor freshness windows expire, without the session itself expiring. Use step-up authentication (a new `auth_attempt` against the same `session_id`) to restore a dropped assurance level.

GET
/sessions/me

Returns the current state of the current session including its factors and all currently satisfied assurance levels.

assurance_levels[] may shrink over time as factor freshness windows expire, without the session itself expiring. Use step-up authentication (a new auth_attempt against the same session_id) to restore a dropped assurance level.

Authorization

nextgenSession
__nextgen_session<token>

The __nextgen_session cookie issued at session creation or superseding handoff exchange.

A missing or invalid cookie yields 401 with code auth.unauthorized and the message Missing or invalid session token.

In: cookie

Response Body

application/json

application/json

application/json

application/json

curl -X GET "https://example.com/sessions/me"
{  "session_id": "abc123def456",  "project_id": "river-8421",  "state": "active",  "user_id": "user_id_12345",  "factors": [    {      "method": "password",      "verified_at": "2026-04-28T15:32:00Z",      "payload": {        "user_id": "user_id_12345"      }    }  ],  "assurance_levels": [    "urn:nist:aal:1",    "urn:nist:aal:2"  ],  "metadata": {},  "user_agent": {    "fingerprint": "fp_abc123",    "ip": "203.0.113.42"  },  "created_at": "2026-04-29T10:00:00Z",  "expires_at": "2026-04-30T10:00:00Z"}
{  "code": "string",  "message": "string",  "details": {}}
{  "code": "string",  "message": "string",  "details": {}}
{  "code": "string",  "message": "string",  "details": {}}