
Invalidate Individual Sessions in Okta Identity Engine via API


Overview

Sessions in Okta Identity Engine (OIE) function based on the idx cookie rather than the Session ID (sid) from Okta Classic Engine, making legacy API calls incompatible. To invalidate an OIE session, retrieve the idx cookie from the target session and execute a DELETE request to the /api/v1/sessions/me endpoint.

Applies To

  • Okta Identity Engine (OIE)
  • Sessions
  • Application Programming Interface (API)

Cause

Sessions in OIE function based on the idx cookie rather than the Session ID (sid) used in Okta Classic Engine. Consequently, OIE does not support API calls requiring a Session ID to manage lifecycles. This limitation includes the call to invalidate an existing session, which Okta Classic Engine performs using the following API call:

DELETE {url}/api/v1/sessions/{sid}

Solution

What are the steps to invalidate an individual session in Okta Identity Engine via API?

Retrieve the idx cookie from the browser developer tools and execute a DELETE API call to invalidate the session.

  1. Open the Developer Tools in the browser.
  2. Select the Application tab.
  3. Under Cookies, select the tenant URL.
  4. Select idx and copy the value.
  5. Prepare the following API call:
    DELETE {url}/api/v1/sessions/me
  6. Add a new header with the following properties:
    • Key: Cookie
    • Value: idx={<idx>} (replace <idx> with the value copied in step 4).

Review the following image for an example of the configured API call.

[Image: API Call]
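
The API call from steps 5 and 6 as a small Python script, added here as an example (it is not Okta's own code). The function names are hypothetical, and the script assumes the braces around <idx> in step 6 mark the placeholder rather than being literal characters.

```python
import getpass
import sys
import urllib.error
import urllib.parse
import urllib.request


def build_invalidate_request(org_url, idx):
    """Build DELETE {url}/api/v1/sessions/me with the Cookie header from step 6."""
    parts = urllib.parse.urlsplit(org_url)
    # The idx value authenticates the session, so only ever send it over TLS.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("org_url must be an https:// tenant URL")
    idx = idx.strip()
    # Refuse anything that could split the Cookie header or add a second cookie.
    if not idx or any(c.isspace() or c == ";" or not 0x20 < ord(c) < 0x7F for c in idx):
        raise ValueError("idx value is empty or contains illegal characters")
    url = f"https://{parts.netloc}/api/v1/sessions/me"
    # Assumption: the braces in "idx={<idx>}" mark the placeholder and are not sent.
    return urllib.request.Request(url, method="DELETE", headers={"Cookie": f"idx={idx}"})


def invalidate_session(org_url, idx, opener=urllib.request.urlopen, timeout=10):
    """Send the request and return the HTTP status code (2xx means it was accepted)."""
    req = build_invalidate_request(org_url, idx)
    try:
        with opener(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # non-2xx status returned by the server


if __name__ == "__main__":
    # Prompt for the cookie instead of taking it as an argument, so it does not
    # end up in shell history or the process list.
    status = invalidate_session(sys.argv[1], getpass.getpass("idx cookie value: "))
    print("HTTP", status)
    sys.exit(0 if 200 <= status < 300 else 1)
```

Run it with the tenant URL as the only argument and paste the idx value copied in step 4 at the prompt.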

 
