@delopay/sdk 0.20.1 → 0.21.0

package/dist/{chunk-4FTI5GO7.js → chunk-EPZVT7EJ.js}

@@ -1901,6 +1901,35 @@ var Users = class {
       query: params
     });
   }
+  /**
+   * List the authenticated user's currently-active dashboard sessions
+   * (one row per minted login JWT that hasn't been revoked or expired).
+   *
+   * The row matching the JWT making this call has `is_current: true`,
+   * which is what lets the dashboard render a "This device" tag.
+   *
+   * `GET /user/me/sessions`. Requires a logged-in JWT. Returns an empty
+   * list when a Delopay admin is impersonating a non-admin merchant
+   * (same guard as `listLoginActivity`).
+   */
+  async listActiveSessions() {
+    return this.request("GET", "/user/me/sessions");
+  }
+  /**
+   * Disconnect one of the authenticated user's sessions. The matching
+   * JWT is rejected on its next request — fast-path via Redis, fall back
+   * to the persistent `revoked_at` column.
+   *
+   * Idempotent: revoking an already-revoked or unknown id returns 404,
+   * which the caller can treat as success for retry purposes. Revoking
+   * a session id that belongs to a different user also returns 404 —
+   * the response intentionally doesn't leak whether the id exists.
+   *
+   * `POST /user/me/sessions/{sessionId}/revoke`.
+   */
+  async revokeSession(sessionId) {
+    return this.request("POST", `/user/me/sessions/${encodeURIComponent(sessionId)}/revoke`);
+  }
   async getDetails() {
     return this.request("GET", "/user");
   }
@@ -3579,4 +3608,4 @@ export {
   applyBrandingVariables,
   shadowFor
 };
-//# sourceMappingURL=chunk-4FTI5GO7.js.map
+//# sourceMappingURL=chunk-EPZVT7EJ.js.map