Skip to main content
POST
/
api
/
v1
/
auth
/
sessions
/
list
List sessions (master key)
curl --request POST \
  --url https://staging.zerolatencylabs.com/api/v1/auth/sessions/list \
  --header 'Content-Type: application/json' \
  --data '
{
  "payload": "AQABAAAAAAB4m2tQz9KvX1Yk2mN3oQ4rS5tU6vW7xZ8aB9cD0eF1gH2iJ3kL5mN7oP9qR1sT3uV5wX7yZ9a=",
  "public_key": "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
  "signature": "AAcOFRwjKjE4P0ZNVFtiaXB3foWMk5qhqK+2vcTL0tng5+71/AMKERgfJi00O0JJUFdeZWxzeoGIj5adpKuyuQ=="
}
'
[
  {
    "created_at": "2026-06-23T15:00:00.000Z",
    "id": "0190b6c2-7e4a-7c3b-9f21-2b6a1c4e5d8f",
    "public_key": "k8Jq3xQp",
    "master_public_key": "k8Jq3xQp",
    "subaccount_index": 1,
    "valid_until": "2026-06-23T16:00:00.000Z"
  }
]

Body

application/json

Signed write request from a master key. The JSON body is a Base64SignedPayload (Secp256k1) or a PasskeySignedPayload (passkey — adds WebAuthn authenticator_data, client_data_json, and credential_id, with public_key optional); the wire signature_type selects which. The base64 payload is identical in both and decodes to the binary layout [Header(8) || RequestId(16) || Body || Auth] — see spec/signing.md. The decoded Body is:

  • ListSessions when Header.request_type = list_sessions (47).

JSON envelope for a signed request: the base64-encoded canonical payload plus the base64 signature and public_key of the signing credential. Session-key (Ed25519) endpoints accept exactly these fields; master-key (Secp256k1 / Passkey) endpoints sign the same payload and may carry additional signature material. Endpoints also accept the equivalent application/octet-stream binary frame.

payload
string
required

Base64-encoded bytes of the canonical request payload.

Example:

"AQABAAAAAAB4m2tQz9KvX1Yk2mN3oQ4rS5tU6vW7xZ8aB9cD0eF1gH2iJ3kL5mN7oP9qR1sT3uV5wX7yZ9a="

public_key
string
required

Base64-encoded public key of the signing credential.

Example:

"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8="

signature
string
required

Base64-encoded signature over the payload.

Example:

"AAcOFRwjKjE4P0ZNVFtiaXB3foWMk5qhqK+2vcTL0tng5+71/AMKERgfJi00O0JJUFdeZWxzeoGIj5adpKuyuQ=="

Response

Session keys visible to the signing master key

created_at
string<date-time>
required
Example:

"2026-06-23T15:00:00.000Z"

id
string<uuid>
required
Example:

"0190b6c2-7e4a-7c3b-9f21-2b6a1c4e5d8f"

public_key
string
required

Base64-encoded Ed25519 session public key.

Example:

"k8Jq3xQp"

role
enum<string>
required
Available options:
FULL_ACCESS,
TRADING_ONLY
master_public_key
string | null

Base64-encoded parent master public key. None on legacy rows predating the backfill.

Example:

"k8Jq3xQp"

subaccount_index
null | integer<int32>

The session's subaccount pin, if any (None = inherits the parent's reach).

Required range: x >= 0
valid_until
string<date-time> | null
Example:

"2026-06-23T16:00:00.000Z"