Update Sessions Config
POST
/web/v1/users/self/security/sessions/config JWTUpdates the authenticated user's session configuration. Supports partial updates — only provided fields are changed.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
| X-SC-Session-Id | Secure channel session ID |
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
ssoEnabled | Boolean | Optional | body | Enable or disable single sign-on enforcement |
maxSessions | Integer | Optional | body | Maximum number of concurrent sessions |
Success Response
Success 200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"accountBizId": "acc_abc123",
"ssoEnabled": true,
"maxSessions": 5,
"passwordChangedAt": "2026-03-23T10:00:00Z",
"lastLoginAt": "2026-03-23T12:00:00Z",
"lastLoginIp": "1.2.3.4"
}
}Error Responses
Unauthorized 401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Notes
- Replaces the old
POST /security/configendpoint. - Only
ssoEnabledandmaxSessionsare configurable — other fields in the response are read-only.