Poll auth session status

curl --request GET \
  --url https://api.usezombie.com/v1/auth/sessions/{session_id}

{
  "cli_public_key": "<string>",
  "token_name": "<string>",
  "expires_at_ms": 123
}

Authentication

Poll auth session status

Step 2 of the CLI device flow. The CLI polls this endpoint with the session_id returned from POST /v1/auth/sessions. The response surfaces only the public material the CLI needs to proceed: status, cli_public_key, token_name, expires_at_ms.

NEVER returns ciphertext, nonce, dashboard_public_key, verification_code, or verification_code_hmac (Invariant 1 in docs/AUTH.md Flow 1). Ciphertext release is gated behind the verification code on POST /v1/auth/sessions/{id}/verify.

Unauthenticated by design — the CLI poll precedes any token grant. The terminal states (expired, consumed, aborted) return 410 with a structured ErrorBody (UZ-AUTH-006/012/013).

GET

auth

sessions

{session_id}

Poll auth session status

curl --request GET \
  --url https://api.usezombie.com/v1/auth/sessions/{session_id}

{
  "cli_public_key": "<string>",
  "token_name": "<string>",
  "expires_at_ms": 123
}

Path Parameters

session_id

string<uuid>

required

Auth session identifier (UUIDv7)

Response

Session is in an active (non-terminal) state

status

enum<string>

required

pending — created, awaiting dashboard approval. verification_pending — dashboard approved, awaiting CLI verification code.

Available options:

pending,

verification_pending

cli_public_key

string

required

Echo of the CLI's ECDH public key (base64url P-256 SPKI).

token_name

string

required

Operator label that the dashboard shows to the user during approval.

expires_at_ms

integer<int64>

required

Unix epoch milliseconds. Session TTL is 5 minutes from creation.

Start a CLI login session List tenant API keys