Skip to main content
Release notes for the Sessionboard Public API. Entries are grouped by month (newest first). Breaking changes are called out explicitly.
API tokens created before scoped tokens were introduced continue to work with full access when no scopes are set. New tokens should request only the scopes your integration needs — see Authentication and OAuth.

July 2026

July 10 — Session files & upload paths

Added — Session files (read:sessions / write:sessions) Attach PDFs, PowerPoint decks, Word docs, and similar files to a session.
PathMethodEndpointMax size
Simple uploadPOST/v1/event/{eventId}/sessions/{sessionId}/files/upload50 MB
Direct-to-storage createPOST/v1/event/{eventId}/sessions/{sessionId}/files500 MB
CompletePOST.../files/{fileId}/complete
ListGET.../files
UpdatePUT.../files/{fileId}
ReplacePOST.../files/{fileId}/replace500 MB
DeleteDELETE.../files/{fileId}
Simple upload — one multipart request with field file. Sessionboard detects size and MIME type, scans the file, and returns the attached file. No presigned URL steps. Direct-to-storage — create → PUT bytes to signed URL → complete. Use for files over 50 MB (up to 500 MB) or when you prefer uploading straight to storage (standard presigned-URL pattern used by AWS, Stripe, and similar APIs). Session-scoped creates use standard REST (POST on the collection path — no /create suffix). The /create suffix remains only where POST on the collection path is search (sessions, contacts, metadata entities, etc.). Documentation

July 7 — Sessions & scopes

Fixed
  • Embedded contact fields on session responses (photo_url, company_name, title, address_country, and related profile fields) now populate correctly on speakers[], chairpersons[], moderators[], and participants[] in the event’s default language.
  • Participant ordering respects configured role sort order and per-participant order.
Changed
  • Read routes for transcriptions and recordings require the read:transcriptions scope when your token has explicit scopes.
  • Read routes for media items require the read:media scope when your token has explicit scopes.
  • read:transcriptions and read:media added to the OAuth scope catalog.
Documentation
  • Session participant model documented: participants[] vs legacy role arrays, participant_role shape, and contact fields available without expand.

July 6 — Transcriptions, recordings & media upload

Added — Transcriptions (read:transcriptions / write:transcriptions)
MethodPath
POST/v1/event/{eventId}/sessions/{sessionId}/transcriptions
GET/v1/event/{eventId}/sessions/{sessionId}/transcriptions
GET/v1/event/{eventId}/sessions/{sessionId}/transcriptions/{id}
PUT/v1/event/{eventId}/sessions/{sessionId}/transcriptions/{id}
DELETE/v1/event/{eventId}/sessions/{sessionId}/transcriptions/{id}
GET/v1/event/{eventId}/transcriptions
GET/v1/event/{eventId}/transcriptions/{id}
Supports artifact types: fragment, summary, insight, and translation. Fragments written via the API appear in the event’s Marketing Media transcript view. Added — Session recordings (read:transcriptions / write:transcriptions)
MethodPath
POST/v1/event/{eventId}/sessions/{sessionId}/recordings
GET/v1/event/{eventId}/sessions/{sessionId}/recordings
GET/v1/event/{eventId}/sessions/{sessionId}/recordings/{id}
POST/v1/event/{eventId}/sessions/{sessionId}/recordings/{id}/complete
Added — Media upload (read:media / write:media) Direct-to-S3 multipart upload for video or audio files, with automatic transcription when processing completes.
MethodPath
POST/v1/event/{eventId}/sessions/{sessionId}/media/upload/initiate
POST/v1/event/{eventId}/sessions/{sessionId}/media/upload/sign-part
POST/v1/event/{eventId}/sessions/{sessionId}/media/upload/complete
POST/v1/event/{eventId}/sessions/{sessionId}/media/upload/abort
GET/v1/event/{eventId}/sessions/{sessionId}/media/{mediaItemId}
Documentation

July 5 — Sessions 2.0 participants

Added
  • participants[] on session search and get — flat list from the Sessions 2.0 model, including custom program roles (Author, Panelist, etc.). Always returned; no expand flag required.
  • participant_role on legacy speakers[], chairpersons[], and moderators[] when the event has Sessions 2.0 roles configured.
  • expand=composition on session search/get — returns composition status, target session summary, and source counts for abstract-to-session linking.
  • Richer nested metadata on language, track, level, room, and format objects (color, order, capacity, timestamps, etc.) instead of { id, name } only.
Changed
  • Minimal parent.subsessions[] shape now includes participants alongside speakers.

July 3 — Session write responses

Added
  • is_abstract on session create and bulk create (requires Sessions 2.0 on the event).
  • expand=composition on create/update/bulk responses — includes composition status block.
Changed
  • Create, update, bulk, get, and list responses now share one formatter — write responses match read/search shape (nested metadata, composition, etc.).
  • expand=linked_sources and expand=composition supported consistently across session CRUD handlers.

June 2026

June 18 — Subsessions

Fixed
  • GET /v1/event/{eventId}/sessions/{sessionId} accepts a subsession UUID directly and returns the full session shape (with parent friendly-id keys).
  • expand=subsession_details includes is_public on every subsession in parent.subsessions[].

May 2026

May 22 — Subsession field parity

Added
  • expand=subsession_details on session search and get — every item in parent.subsessions[] returns full parent-shape parity (status, custom_fields, chairpersons, moderators, sponsors, exhibitors, tags, nested metadata, and more). Default subsession shape is unchanged for backward compatibility.
  • GET /v1/event/{eventId}/sessions/{sessionId} with a subsession UUID returns the full session DTO at the top level.
  • POST /v1/event/{eventId}/sessions/status returns a minimal subsessions[] array on parent rows (id, friendly_id, status, custom_status, timestamps) for status-sync integrations.
Documentation
  • Subsession expand behavior and SubsessionDetailed schema documented in the API overview.

May 7 — Webhooks

Documentation
  • Webhook payload schemas updated to match the current event shape.

April 2026

April 13 — OAuth token lifetimes

Changed
  • OAuth access tokens expire after 24 hours (previously shorter).
  • OAuth refresh tokens expire after 90 days.
Added
  • admin_url on session, contact, exhibitor, and sponsor responses — direct link to the record in the Sessionboard admin UI.
Changed
  • OAuth Bearer tokens work with all MCP server tools.
  • OAuth metadata URLs served correctly over HTTPS behind the load balancer.

April 11 — OAuth 2.1 & rate limits

Added
  • OAuth write scopes for sessions, contacts, exhibitors, sponsors, fields, metadata, and events.
  • RFC 8707 resource parameter support on the token endpoint.
  • Per-token rate limit overrides — contact support to raise limits for high-volume integrations.
  • Browser-based OAuth: /oauth/authorize redirects to the consent UI.
  • OAuth discovery at /.well-known/oauth-authorization-server.
Documentation

April 10 — Convenience routes & insights

Added
  • Convenience routes for org-level dashboards, widgets, and saved reports at /v1/dashboards, /v1/widgets, and /v1/queries (in addition to event-scoped paths).
  • Event-scoped insights, dashboards, widgets, and queries routed through the unified v1 proxy.
Fixed
  • Widget create no longer returns 404 when dashboardId is in the path.
  • Rules list handles missing pagination without error.
  • Contact create/update returns profile fields correctly when locale casing differs.

April 9 — Agenda planning & metadata

Added
  • Agenda drafts — full CRUD for drafts, draft sessions, commit, and change history.
  • Scheduling rules — create, read, update, delete.
  • Personas — create, read, update, delete.
  • Event metadata CRUD — rooms, tracks, tags, formats, levels, languages, and session statuses (read and write).

April 7 — Entity write API (major release)

Added
  • Session CRUD — create, update, delete, restore, bulk operations, and custom field updates.
  • Contact CRUD — create, update, delete, restore, bulk, and list sessions for a contact.
  • Exhibitor & sponsor CRUD — create, update, delete, restore, and bulk.
  • Custom field definitions — create, update, delete.
  • Organization-scoped contact read endpoints.
  • Bearer token authentication alongside X-Access-Token.
  • Write scopes enforced on all mutating routes.
Documentation
  • Full OpenAPI schemas for all CRUD endpoints.
  • Sidebar reorganized by org scope, event scope, and convenience routes.

April 8 — Reliability

Fixed
  • Error details from the API are forwarded through the proxy (clearer validation messages).
  • 204 No Content responses handled correctly on delete/restore.
  • Scheduled smoke tests against the dev environment (ongoing quality monitoring).

March 2026

March 25 — Organization contacts

Fixed
  • GET /v1/organization/{orgId}/contacts/{contactId} path corrected in the OpenAPI spec (was returning 404 for valid requests).

March 23 — Documentation site

Added
  • Public API documentation launched at apidocs.sessionboard.com (Mintlify).
  • Insights & AI section — MCP server, SbQL, and analytics endpoints.
  • EU region base URL documented: https://public-api-eu.sessionboard.com.

Earlier capabilities

These endpoints predate 2026 but are part of the current API surface:
  • Session & speaker searchPOST /v1/event/{eventId}/sessions, speaker search, and individual session get (with 3-minute cache on get and search).
  • GDPRGET and POST /v1/gdpr/requests.
  • Webhooks — real-time notifications on data changes (Webhooks).
  • Insights — SbQL execute, AI query generation, saved reports, and dashboards (Insights overview).