Skip to main content
POST
/
auth
/
validate-session
Validate an existing session token and return the user object
curl --request POST \
  --url http://localhost:2000/auth/validate-session \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "user": {
    "_id": "<string>",
    "emails": "user@example.com",
    "role": "user"
  }
}
'
{
  "data": {
    "user": {
      "_id": "<string>",
      "emails": "user@example.com",
      "role": "user"
    }
  }
}

Documentation Index

Fetch the complete documentation index at: https://compass.docs.sunnyscoach.com/llms.txt

Use this file to discover all available pages before exploring further.

Validate an existing session token and return the user object. Protected route that returns the user object from the request body when the session is valid. Requires authentication and appropriate role middleware.

Request

Headers

NameTypeRequiredDescription
AuthorizationstringYesBearer token
Content-TypestringYesapplication/json

Request Body

{
  "user": {
    "_id": "64b7f1a2e4b0a5d3f9c12345",
    "emails": "user@example.com",
    "role": "user"
  }
}

Request Body Schema

FieldTypeRequiredDescription
userobjectYesUser object to validate

Response

200 OK - Session valid

Returns the user object. 
{
  "data": {
    "user": {
      "_id": "64b7f1a2e4b0a5d3f9c12345",
      "emails": "user@example.com",
      "role": "user"
    }
  }
}

401 Unauthorized

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired session token"
  }
}

500 Internal Server Error

{
  "error": {
    "code": "SERVER_ERROR",
    "message": "Internal server error"
  }
}

Example

curl -X POST 'http://localhost:2000/auth/validate-session' \
  -H 'Authorization: Bearer your-jwt-token' \
  -H 'Content-Type: application/json' \
  -d '{
    "user": {
      "_id": "64b7f1a2e4b0a5d3f9c12345",
      "emails": "user@example.com",
      "role": "user"
    }
  }'

Notes

  • This endpoint requires a valid JWT token in the Authorization header
  • The request body should contain the user object you want to validate
  • This is useful for checking if a session is still active and valid
  • The endpoint validates both the token and the user object in the request body
  • Use this to implement session refresh logic in your application

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
user
object

Response

Session valid — returns the user

data
object