Authentication API

How to authenticate with FonProxy API using API keys.

Updated 2026-04-09 16:30:00

For authentication headers and common response fields, see API General.

The recommended way to authenticate with the API is via an API key. See API Keys for how to generate one.

Sessions

All /auth/sessions endpoints require authentication.

List Sessions Auth required

GET /auth/sessions

List active sessions for the current user.

Response

{
  "sessions": [
    {
      "id": "k5Xz9qR2Wp",
      "ip": "91.123.45.67",
      "location": { "country": "UA", "city": "Kyiv" },
      "device": {
        "browser": "Chrome 120",
        "os": "macOS 14.2",
        "device": "Desktop",
        "summary": "Chrome 120 / macOS 14.2"
      },
      "isCurrent": true,
      "lastActiveAt": "2026-03-15T12:00:00.000Z",
      "createdAt": "2026-03-10T08:00:00.000Z"
    },
    ...
  ]
}

Revoke Session Auth required

DELETE /auth/sessions/:id

Revoke a specific session. If the revoked session is the caller's current session, logout: true is returned — the frontend should clear the token and redirect to login.

Response

{ "message": "auth.session_revoked", "logout": false }

logout: true when the caller revoked their own active session.

Revoke All Sessions Auth required

DELETE /auth/sessions

Revoke all sessions except the current one.

Response

{ "message": "auth.sessions_revoked", "revokedCount": 3 }

API Reference

Copy page as Markdown for AI / LLM