Clear user-specific session settings—the session duration and what happens when the client closes—for a list of users.

Required Params

• user_ids - The IDs of users you'd like to clear session settings for. ex: ['U1234']

Errors the API can return:

• admin_unauthorized - The owner of this token isn't authorized to clear sessions.
• bots_not_allowed - Bot users may not have their settings cleared.
• feature_not_enabled - This method is only available to Enterprise customers.
• not_an_admin - The owner of this token isn't an Org Owner or Admin.
• unknown_method - This method is currently not available.
• user_not_found - There was an error finding a requested user.

See the Common Errors guide for errors returned by every Web API method.

Get user-specific session settings—the session duration and what happens when the client closes—given a list of users.

Required Params

• user_ids - The IDs of users you'd like to fetch session settings for. Note: if a user does not have any active sessions, they will not be returned in the response. ex: ['U1234']

Errors the API can return:

• admin_unauthorized - The owner of this token isn't authorized to list sessions.
• bots_not_allowed - Bot sessions are not listed by this method.
• feature_not_enabled - This method is only available to Enterprise customers.
• not_an_admin - The owner of this token isn't an Org Owner or Admin.
• restricted_action - The owner of this token isn't an Org Owner or Admin.
• unknown_method - This method is currently not available.
• user_not_found - There was an error finding the requested user.

See the Common Errors guide for errors returned by every Web API method.

Revoke a single session for a user. The user will be forced to login to Slack.

Required Params

• session_id - ID of the session to invalidate. ex: 12345
• user_id - ID of the user that the session belongs to. ex: U12345

Optional Params

• team_id - ID of the workspace that the session belongs to. ex: T1234

Errors the API can return:

• admin_unauthorized - The token provided doesn't have permission to revoke a session.
• cannot_invalidate_primary_owner - Only the primary owner of an organization can invalidate a primary owner's sessions.
• feature_not_enabled - The token provided can't call this method.
• not_an_admin - This method must be called by an Org Owner or Admin.
• session_invalidation_failed - There was an error invalidating the session.
• session_not_found - The requested session wasn't found.
• unknown_method - This method is currently not available.
• user_not_found - The requested user wasn't found.

See the Common Errors guide for errors returned by every Web API method.

List active user sessions for an organization

Optional Params

• cursor - Set cursor to next_cursor returned by the previous call to list items in the next page. ex: 5c3e53d5
• limit - The maximum number of items to return. Must be between 1 - 1000 both inclusive. ex: 100
• team_id - The ID of the workspace you'd like active sessions for. If you pass a team_id, you'll need to pass a user_id as well. If no user_id and team_id are passed, you'll receive a paginated list of all sessions. When you pass user_id and team_id (which must be used together), you'll receive a list of active sessions by that user on the workspace specified by team_id. ex: T1234
• user_id - The ID of user you'd like active sessions for. If you pass a user_id, you'll need to pass a team_id as well. If no user_id and team_id are passed, you'll receive a paginated list of all sessions. When you pass user_id and team_id (which must be used together), you'll receive a list of active sessions by that user on the workspace specified by team_id. ex: U1234

Errors the API can return:

• admin_unauthorized - The owner of this token isn't authorized to list sessions.
• bots_not_allowed - Bot sessions are not listed by this method.
• feature_not_enabled - This method is only available to Enterprise customers.
• invalid_cursor - The cursor passed was invalid.
• missing_team - A team_id must be provided with a user_id.
• missing_user - A user_id must be provided with a team_id.
• no_active_sessions - No active sessions were found.
• not_an_admin - The owner of this token isn't an Org Owner or Admin.
• team_not_found - There was an error finding the requested workspace.
• unknown_method - This method is currently not available.
• user_not_found - There was an error finding the requested user.

See the Common Errors guide for errors returned by every Web API method.

Wipes all valid sessions on all devices for a given user

Required Params

• user_id - The ID of the user to wipe sessions for ex: W12345678

Optional Params

• mobile_only - Only expire mobile sessions (default: false). Use the web_only and mobile_only parameters to wipe only web or only mobile sessions.
• web_only - Only expire web sessions (default: false). Use the web_only and mobile_only parameters to wipe only web or only mobile sessions.

Errors the API can return:

• cannot_reset_bot - Cannot reset bot users
• cannot_reset_primary_owner - Only primary owner can reset primary owner's sessions
• feature_not_enabled - This method is not available for this product level
• not_an_admin - This method is only accessible by org/compliance team owners and admins
• unknown_method - This method is currently not available
• user_not_found - Error fetching user
• user_session_reset_failed - There was an error starting the session reset. Try again.

See the Common Errors guide for errors returned by every Web API method.

Enqueues an asynchronous job to wipe all valid sessions on all devices for a given list of users

Required Params

• user_ids - The list of up to 1,000 user IDs to wipe sessions for ex: ["W12345678", "W98765432"]

Optional Params

• mobile_only - Only expire mobile sessions (default: false). Use the web_only and mobile_only parameters to wipe only web or only mobile sessions.
• web_only - Only expire web sessions (default: false). Use the web_only and mobile_only parameters to wipe only web or only mobile sessions.

Errors the API can return:

• cannot_reset_bot - Cannot reset bot users
• cannot_reset_primary_owner - Only primary owner can reset primary owner's sessions
• failed_for_some_users - Some user ids failed to have their session invalidated. Details in extended comments
• feature_not_enabled - This method is not available for this product level
• not_an_admin - This method is only accessible by org/compliance team owners and admins
• restricted_action - Restricted action.
• session_reset_not_allowed - Only primary owner can reset primary owner's sessions
• unknown_method - This method is currently not available
• user_not_found - Error fetching user
• user_session_reset_failed - There was an error starting the session reset. Try again.

See the Common Errors guide for errors returned by every Web API method.

Configure the user-level session settings—the session duration and what happens when the client closes—for one or more users.

Required Params

• user_ids - The list of up to 1,000 user IDs to apply the session settings for ex: ['U12345','U67890']

Optional Params

• desktop_app_browser_quit - Terminate the session when the client—either the desktop app or a browser window—is closed. ex: true
• duration - The session duration, in seconds. The minimum value is 28800, which represents 8 hours; the max value is 315569520 or 10 years (that's a long Slack session). ex: 86400

Errors the API can return:

• admin_unauthorized - The token provided doesn't have permission to revoke a session.
• at_least_one_session_setting_required - At least one session setting is required.
• bots_not_allowed - Bot sessions are not listed by this method.
• feature_not_enabled - This method is only available for Enterprise organizations.
• not_an_admin - This method is only accessible by Org Owners and Admins
• unable_to_update_existing_sessions - The session settings could not be applied to users' existing sessions.
• unknown_method - This method is currently not available.
• user_not_found - At least one of the requested users doesn't exist.

See the Common Errors guide for errors returned by every Web API method.