
Endpoint Details

/wp-json/asap/v1/get-active-sessions

Overview

The Active Sessions API provides a server-to-server endpoint for discovering active WordPress user sessions. Unlike traditional cookie-based approaches, this endpoint directly queries the WordPress database for session data, making it more reliable for cross-domain authentication.
This endpoint requires a shared secret for authentication. Never expose this secret in client-side code.

Authentication

All requests to this endpoint must include the X-ASAP-Sync-Secret header with the shared secret value configured in your WordPress environment. This secret is defined with the BETTER_AUTH_SECRET constant in your WordPress configuration.

Request Parameters

- requestSource (string, required): An identifier for the source of the request (e.g., “svelte-kit-server”)
- timestamp (number, required): The current timestamp in milliseconds
- serverInfo (object): Optional server information for debugging purposes

Response Format

- success (boolean, required): Indicates whether the operation was successful
- activeSessions (array): Array of user objects with active WordPress sessions
- timestamp (number): Server timestamp when the response was generated
- error (string): Error message if success is false

Error Codes

| Error Code | Description | HTTP Status |
| --- | --- | --- |
| unauthorized | Invalid or missing sync secret | 401 |
| no_active_wp_sessions | No active WordPress sessions found | 200 |
| no_eligible_active_sessions | Active sessions found but not with required roles | 200 |
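The following is an added example, not code from the plugin or its documentation: a server-side caller that attaches the X-ASAP-Sync-Secret header as described under Authentication and maps the error codes above to outcomes. It assumes the endpoint accepts POST with a JSON body and that the error code arrives in a `code` or `error` field of the response; the function names and the HTTPS check are illustrative additions.

```javascript
// Added example: server-side helper (e.g. SvelteKit server code) for this endpoint.
// Assumptions not stated on the page: POST with a JSON body, and the error code
// arriving in either a `code` or the `error` field of the response body.
const ENDPOINT = '/wp-json/asap/v1/get-active-sessions';
const EMPTY_CODES = new Set(['no_active_wp_sessions', 'no_eligible_active_sessions']);

function buildSessionsRequest(wpBaseUrl, secret, now = Date.now()) {
  // Fail closed: never send a request with a missing or empty secret.
  if (typeof secret !== 'string' || secret.length === 0) {
    throw new Error('sync secret is not configured');
  }
  const url = new URL(ENDPOINT, wpBaseUrl);
  // The secret travels in a header, so plaintext HTTP would expose it in transit.
  if (url.protocol !== 'https:') {
    throw new Error('refusing to send sync secret over ' + url.protocol);
  }
  return {
    url: url.href,
    init: {
      method: 'POST', // assumption: the page does not state the HTTP method
      headers: { 'Content-Type': 'application/json', 'X-ASAP-Sync-Secret': secret },
      body: JSON.stringify({ requestSource: 'svelte-kit-server', timestamp: now }),
    },
  };
}

function interpretResponse(status, body) {
  if (status === 401) return { ok: false, reason: 'unauthorized', sessions: [] };
  if (status !== 200 || body === null || typeof body !== 'object') {
    return { ok: false, reason: 'unexpected_response', sessions: [] };
  }
  if (body.success === true && Array.isArray(body.activeSessions)) {
    return { ok: true, reason: null, sessions: body.activeSessions };
  }
  // The two "no sessions" codes come back with HTTP 200: an empty result, not a failure.
  const code = [body.code, body.error].find((v) => EMPTY_CODES.has(v));
  if (code) return { ok: true, reason: code, sessions: [] };
  return { ok: false, reason: 'error', sessions: [] };
}

async function getActiveSessions(wpBaseUrl, secret, fetchImpl = fetch) {
  const { url, init } = buildSessionsRequest(wpBaseUrl, secret);
  const res = await fetchImpl(url, init);
  const body = await res.json().catch(() => null);
  return interpretResponse(res.status, body);
}
```

Call `getActiveSessions` only from server-side code, passing the secret from the server's environment so it never reaches a browser bundle.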
