# Device/Session Management

This section contains the API documentation for managing user devices and sessions in the Flashback platform.

## Overview

The Device and Session Management APIs allow users to:

* View and manage their registered devices
* Monitor active sessions across devices
* Control device trust levels
* Revoke sessions for security purposes

## Device/Session Management API Calls

### Device Management API Calls

<table><thead><tr><th width="230">Method</th><th>API Reference</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:green;"><code>GET</code></mark><code>/devices</code></td><td><a href="device-session-management/get__devices"><strong>get__devices</strong></a></td><td>Retrieve all user devices</td></tr><tr><td><mark style="color:green;"><code>GET</code></mark><code>/devices/{id}</code></td><td><a href="device-session-management/get__devices_-id"><strong>get__devices-id</strong></a></td><td>Get detailed information about a specific device</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/devices/trust</code></td><td><a href="device-session-management/post__devices_trust"><strong>post__devices_trust</strong></a></td><td>Mark a device as trusted</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/devices/{id}/untrust</code></td><td><a href="device-session-management/post__devices_-id_untrust"><strong>post__devices_-id_untrust</strong></a></td><td>Remove trust from a device</td></tr><tr><td><mark style="color:red;"><code>DELETE</code></mark><code>/devices/{id}</code></td><td><a href="device-session-management/delete__devices_-id"><strong>delete__devices_-{id}</strong></a></td><td>Permanently remove a device</td></tr></tbody></table>

### Session Management API Calls

<table><thead><tr><th width="230">Method</th><th>API Reference</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:green;"><code>GET</code></mark><code>/sessions</code></td><td><a href="device-session-management/get__sessions"><strong>get__sessions</strong></a></td><td>Retrieve all active user sessions</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/sessions/{id}/revoke</code></td><td><a href="device-session-management/post__sessions_-id_revoke"><strong>post__sessions_-id_revoke</strong></a></td><td>Revoke a specific session</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/sessions/revoke-all</code></td><td><a href="device-session-management/post__sessions_revoke-all"><strong>post__sessions_revoke-all</strong></a></td><td>Revoke all user sessions</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/devices/{id}/heartbeat</code></td><td><a href="device-session-management/post__sessions_-id_heartbeat"><strong>post__sessions_-id_heartbeat</strong></a></td><td>Update session activity and extend expiry</td></tr></tbody></table>

## Authentication

All endpoints require authentication using a Bearer token in the Authorization header.

## Common Response Format

All API responses follow a consistent format:

```json
{
  "success": boolean,
  "data": object | array,
  "message": string,
  "error": string
}
```

## Error Handling

The APIs return appropriate HTTP status codes:

* `200` - Success
* `404` - Resource not found
* `500` - Internal server error

## Rate Limiting

These APIs are subject to rate limiting to prevent abuse. Please implement appropriate retry logic with exponential backoff in your applications.