POST /auth/validate-session
Validate an existing session token and return the user object
curl --request POST \
  --url http://localhost:2000/auth/validate-session \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "user": {
    "_id": "<string>",
    "emails": "[email protected]",
    "role": "user"
  }
}
'
{
  "data": {
    "user": {
      "_id": "<string>",
      "emails": "[email protected]",
      "role": "user"
    }
  }
}
Validate an existing session token and return the user object. This is a protected route: when the session is valid, it returns the user object that was supplied in the request body. It requires the authentication middleware and the appropriate role middleware.

Request

Headers

Name           Type    Required  Description
Authorization  string  Yes       Bearer token
Content-Type   string  Yes       application/json

Request Body

{
  "user": {
    "_id": "64b7f1a2e4b0a5d3f9c12345",
    "emails": "[email protected]",
    "role": "user"
  }
}

Request Body Schema

Field  Type    Required  Description
user   object  Yes       User object to validate

Response

200 OK - Session valid

Returns the user object.
{
  "data": {
    "user": {
      "_id": "64b7f1a2e4b0a5d3f9c12345",
      "emails": "[email protected]",
      "role": "user"
    }
  }
}

401 Unauthorized

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired session token"
  }
}

500 Internal Server Error

{
  "error": {
    "code": "SERVER_ERROR",
    "message": "Internal server error"
  }
}

Example

curl -X POST 'http://localhost:2000/auth/validate-session' \
  -H 'Authorization: Bearer your-jwt-token' \
  -H 'Content-Type: application/json' \
  -d '{
    "user": {
      "_id": "64b7f1a2e4b0a5d3f9c12345",
      "emails": "[email protected]",
      "role": "user"
    }
  }'

Notes

  • This endpoint requires a valid JWT token in the Authorization header
  • The request body should contain the user object you want to validate
  • This is useful for checking whether a session is still active and valid
  • The endpoint validates both the token and the user object in the request body
  • Use this to implement session refresh logic in your application
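The session-refresh logic the notes describe, as an added client-side example that is not part of this API's own code. It builds the documented request, maps the documented 200/401/500 responses to a keep-or-drop decision, and (as an assumption beyond the docs) refuses to keep a session when the echoed user `_id` differs from the one sent; `fetchImpl`, `SAMPLE_USER` and `demo` are names chosen here.

```javascript
// Added example, not part of the API docs: a client-side wrapper around
// POST /auth/validate-session implementing the session-refresh check from
// the Notes. `fetchImpl` is injectable so the decision logic runs offline.
const VALIDATE_SESSION_URL = 'http://localhost:2000/auth/validate-session';

// Build the request exactly as the documented curl call does.
function buildValidateSessionRequest(token, user) {
  return {
    method: 'POST',
    headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ user }),
  };
}

// Turn a documented status/body pair into a decision the app can act on.
// The server echoes the user object from the request body, so the client
// also checks the echoed _id against the one it sent (assumption: a
// mismatch means the cached session must not be kept).
function interpretValidateSessionResponse(status, body, sentUser) {
  const errorCode = body && body.error && body.error.code;
  if (status === 200) {
    const user = body && body.data && body.data.user;
    if (!user || user._id !== sentUser._id) return { valid: false, reason: 'USER_MISMATCH' };
    return { valid: true, user };
  }
  if (status === 401) return { valid: false, reason: errorCode || 'UNAUTHORIZED' };
  // 500 or any undocumented status: fail closed rather than keep the session.
  return { valid: false, reason: errorCode || `HTTP_${status}` };
}

// Perform the call and decide whether the cached session can be kept.
async function validateSession(token, user, fetchImpl = fetch) {
  const res = await fetchImpl(VALIDATE_SESSION_URL, buildValidateSessionRequest(token, user));
  let body = null;
  try { body = await res.json(); } catch (_) { /* non-JSON body: treated as invalid */ }
  return interpretValidateSessionResponse(res.status, body, user);
}

// Constructed sample user and responses, shaped like the documented ones.
const SAMPLE_USER = { _id: '64b7f1a2e4b0a5d3f9c12345', emails: 'user@example.com', role: 'user' };
const SAMPLE_OK = { data: { user: SAMPLE_USER } };
const SAMPLE_401 = { error: { code: 'UNAUTHORIZED', message: 'Invalid or expired session token' } };

// Offline demo using a stubbed fetch that returns the constructed 200 body.
async function demo() {
  const fakeFetch = async () => ({ status: 200, json: async () => SAMPLE_OK });
  return validateSession('your-jwt-token', SAMPLE_USER, fakeFetch);
}
```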

Authorizations

  Authorization (string, header, required): Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body (application/json)

  user (object)

Response

  Session valid — returns the user

  data (object)