Action guide
Record every forced logout with a reason
POST
/v1/events · user.session.revokedEmit a `user.session.revoked` event when you terminate a session, whether the user clicked 'sign out everywhere', or your back end killed it due to suspicious activity, or an admin revoked it.
When to emit
In the handler that deletes the session row or flips the session-invalid flag.
Example payload
await recalled.events.create({
action: "user.session.revoked",
actor: { id: user.id, email: user.email },
organization: user.organizationId,
metadata: {
reason: "value",
ip: "203.0.113.42"
},
});Metadata to include
Keep metadata flat and consistent across your service so it plays well with search and CSV exports.
| Key | Purpose |
|---|---|
reason | user_logout, admin_revoked, suspicious_activity, password_changed |
ip | Source IP address of the request |
Suggested retention
Keep for at least 12 months for security incident forensics.