Seller Orchestra Internal API Mapping

Sessions

Active session management across devices for sellers and domain admins

4 APIs

3-Layer Architecture

API Gateway
Seller Admin
User Service

List My Sessions

Get all active sessions for the authenticated seller across devices

GET
GatewayGET /seller/api/v1/sessions
OrchestraGET /merchant/api/v1/sessions
User Service
GET /api/sessionsQuery by user_id

Session Info Includes

device_type device_model os / os_version browser ip_address location (city, country) last_activity is_current

Revoke Session

Logout from a specific device (cannot revoke current session)

DELETE
GatewayDELETE /seller/api/v1/sessions/:session_id
OrchestraDELETE /merchant/api/v1/sessions/:session_id
User Service
GET /api/sessions/:session_idVerify ownership DELETE /api/sessions/:session_id
CacheDELETE session-{sessionId}Invalidate

Domain Admin Session Management

Requires domain admin or manage_staff permission

GETList Domain Sessions
/seller/api/v1/domains/:domain_id/sessions
Query: ?page=1&limit=50&user_id=...&status=active
GET /api/domains/:domain_id/permissions
GET /api/sessions
DELETERevoke Domain Session
/seller/api/v1/domains/:domain_id/sessions/:session_id
GET /api/domains/:domain_id/permissions
DELETE /api/sessions/:session_id
POST /api/notifications/send
Notifies user of forced logout

Supported Device Types

desktop mobile tablet unknown