@extends('layouts.admin') @section('title','Security operations') @section('heading','Security operations') @section('content')

API sessions and abuse controls

Privacy-preserving rate-limit evidence and explicit session revocation.

Audit chain

API sessions

@forelse($sessions as $session)@empty@endforelse
AccountSession labelCreatedLast usedRevoke
{{ $session->tokenable?->name }}
{{ $session->tokenable?->email }} · {{ $session->tokenable?->role }}
{{ $session->name }}{{ $session->created_at?->format('d M Y H:i') }}{{ $session->last_used_at?->format('d M Y H:i') ?: 'Never' }}
@csrf
No API sessions match.
{{ $sessions->links() }}

Active push devices

@forelse($devices as $device)@empty@endforelse
AccountDevicePlatformLast seenRevoke
{{ $device->user?->name }}
{{ $device->user?->email }}
{{ $device->device_name ?: 'Unnamed device' }}{{ strtoupper($device->platform) }}{{ $device->last_seen_at?->format('d M Y H:i') ?: 'Never' }}
@csrf
No active push devices.

Rate-limit evidence

Network and user-agent values are one-way HMAC hashes; plaintext identifiers are not retained.

@forelse($abuse as $event)@empty@endforelse
EndpointAccountNetwork fingerprintCountLast seen
{{ $event->method }} {{ $event->path }}
{{ $event->route_name ?: 'unnamed route' }}
{{ $event->user?->email ?: 'Anonymous' }}{{ substr($event->ip_hash,0,12) }}…{{ $event->occurrences }}{{ $event->last_seen_at->format('d M Y H:i:s') }}
No throttled requests in this window.
@endsection