API tokens created before scoped tokens were introduced continue to work with full access when no scopes are set. New tokens should request only the scopes your integration needs — see Authentication and OAuth.
July 2026
July 10 — Session files & upload paths
Added — Session files (read:sessions / write:sessions)
Attach PDFs, PowerPoint decks, Word docs, and similar files to a session.
| Path | Method | Endpoint | Max size |
|---|---|---|---|
| Simple upload | POST | /v1/event/{eventId}/sessions/{sessionId}/files/upload | 50 MB |
| Direct-to-storage create | POST | /v1/event/{eventId}/sessions/{sessionId}/files | 500 MB |
| Complete | POST | .../files/{fileId}/complete | — |
| List | GET | .../files | — |
| Update | PUT | .../files/{fileId} | — |
| Replace | POST | .../files/{fileId}/replace | 500 MB |
| Delete | DELETE | .../files/{fileId} | — |
file. Sessionboard detects size and MIME type, scans the file, and returns the attached file. No presigned URL steps.
Direct-to-storage — create → PUT bytes to signed URL → complete. Use for files over 50 MB (up to 500 MB) or when you prefer uploading straight to storage (standard presigned-URL pattern used by AWS, Stripe, and similar APIs).
Session-scoped creates use standard REST (POST on the collection path — no /create suffix). The /create suffix remains only where POST on the collection path is search (sessions, contacts, metadata entities, etc.).
Documentation
- New guide: Uploading session files — two-tab playbook (simple vs direct-to-storage)
- API overview: Session Files
July 7 — Sessions & scopes
Fixed- Embedded contact fields on session responses (
photo_url,company_name,title,address_country, and related profile fields) now populate correctly onspeakers[],chairpersons[],moderators[], andparticipants[]in the event’s default language. - Participant ordering respects configured role sort order and per-participant
order.
- Read routes for transcriptions and recordings require the
read:transcriptionsscope when your token has explicit scopes. - Read routes for media items require the
read:mediascope when your token has explicit scopes. read:transcriptionsandread:mediaadded to the OAuth scope catalog.
- Session participant model documented:
participants[]vs legacy role arrays,participant_roleshape, and contact fields available withoutexpand.
July 6 — Transcriptions, recordings & media upload
Added — Transcriptions (read:transcriptions / write:transcriptions)
| Method | Path |
|---|---|
POST | /v1/event/{eventId}/sessions/{sessionId}/transcriptions |
GET | /v1/event/{eventId}/sessions/{sessionId}/transcriptions |
GET | /v1/event/{eventId}/sessions/{sessionId}/transcriptions/{id} |
PUT | /v1/event/{eventId}/sessions/{sessionId}/transcriptions/{id} |
DELETE | /v1/event/{eventId}/sessions/{sessionId}/transcriptions/{id} |
GET | /v1/event/{eventId}/transcriptions |
GET | /v1/event/{eventId}/transcriptions/{id} |
fragment, summary, insight, and translation. Fragments written via the API appear in the event’s Marketing Media transcript view.
Added — Session recordings (read:transcriptions / write:transcriptions)
| Method | Path |
|---|---|
POST | /v1/event/{eventId}/sessions/{sessionId}/recordings |
GET | /v1/event/{eventId}/sessions/{sessionId}/recordings |
GET | /v1/event/{eventId}/sessions/{sessionId}/recordings/{id} |
POST | /v1/event/{eventId}/sessions/{sessionId}/recordings/{id}/complete |
read:media / write:media)
Direct-to-S3 multipart upload for video or audio files, with automatic transcription when processing completes.
| Method | Path |
|---|---|
POST | /v1/event/{eventId}/sessions/{sessionId}/media/upload/initiate |
POST | /v1/event/{eventId}/sessions/{sessionId}/media/upload/sign-part |
POST | /v1/event/{eventId}/sessions/{sessionId}/media/upload/complete |
POST | /v1/event/{eventId}/sessions/{sessionId}/media/upload/abort |
GET | /v1/event/{eventId}/sessions/{sessionId}/media/{mediaItemId} |
- New guide: Media & Transcriptions (three integration playbooks).
- New reference page: Transcriptions & Media.
- OpenAPI tags split into Transcriptions, Session Recordings, and Media.
July 5 — Sessions 2.0 participants
Addedparticipants[]on session search and get — flat list from the Sessions 2.0 model, including custom program roles (Author, Panelist, etc.). Always returned; no expand flag required.participant_roleon legacyspeakers[],chairpersons[], andmoderators[]when the event has Sessions 2.0 roles configured.expand=compositionon session search/get — returns composition status, target session summary, and source counts for abstract-to-session linking.- Richer nested metadata on
language,track,level,room, andformatobjects (color,order,capacity, timestamps, etc.) instead of{ id, name }only.
- Minimal
parent.subsessions[]shape now includesparticipantsalongsidespeakers.
July 3 — Session write responses
Addedis_abstracton session create and bulk create (requires Sessions 2.0 on the event).expand=compositionon create/update/bulk responses — includes composition status block.
- Create, update, bulk, get, and list responses now share one formatter — write responses match read/search shape (nested metadata, composition, etc.).
expand=linked_sourcesandexpand=compositionsupported consistently across session CRUD handlers.
June 2026
June 18 — Subsessions
FixedGET /v1/event/{eventId}/sessions/{sessionId}accepts a subsession UUID directly and returns the full session shape (with parent friendly-id keys).expand=subsession_detailsincludesis_publicon every subsession inparent.subsessions[].
May 2026
May 22 — Subsession field parity
Addedexpand=subsession_detailson session search and get — every item inparent.subsessions[]returns full parent-shape parity (status,custom_fields,chairpersons,moderators,sponsors,exhibitors,tags, nested metadata, and more). Default subsession shape is unchanged for backward compatibility.GET /v1/event/{eventId}/sessions/{sessionId}with a subsession UUID returns the full session DTO at the top level.POST /v1/event/{eventId}/sessions/statusreturns a minimalsubsessions[]array on parent rows (id, friendly_id, status, custom_status, timestamps) for status-sync integrations.
- Subsession expand behavior and
SubsessionDetailedschema documented in the API overview.
May 7 — Webhooks
Documentation- Webhook payload schemas updated to match the current event shape.
April 2026
April 13 — OAuth token lifetimes
Changed- OAuth access tokens expire after 24 hours (previously shorter).
- OAuth refresh tokens expire after 90 days.
April 12 — Deep links & OAuth hardening
Addedadmin_urlon session, contact, exhibitor, and sponsor responses — direct link to the record in the Sessionboard admin UI.
- OAuth Bearer tokens work with all MCP server tools.
- OAuth metadata URLs served correctly over HTTPS behind the load balancer.
April 11 — OAuth 2.1 & rate limits
Added- OAuth write scopes for sessions, contacts, exhibitors, sponsors, fields, metadata, and events.
- RFC 8707 resource parameter support on the token endpoint.
- Per-token rate limit overrides — contact support to raise limits for high-volume integrations.
- Browser-based OAuth:
/oauth/authorizeredirects to the consent UI. - OAuth discovery at
/.well-known/oauth-authorization-server.
- OAuth guide and Rate limiting page published.
April 10 — Convenience routes & insights
Added- Convenience routes for org-level dashboards, widgets, and saved reports at
/v1/dashboards,/v1/widgets, and/v1/queries(in addition to event-scoped paths). - Event-scoped insights, dashboards, widgets, and queries routed through the unified v1 proxy.
- Widget create no longer returns 404 when
dashboardIdis in the path. - Rules list handles missing pagination without error.
- Contact create/update returns profile fields correctly when locale casing differs.
April 9 — Agenda planning & metadata
Added- Agenda drafts — full CRUD for drafts, draft sessions, commit, and change history.
- Scheduling rules — create, read, update, delete.
- Personas — create, read, update, delete.
- Event metadata CRUD — rooms, tracks, tags, formats, levels, languages, and session statuses (read and write).
April 7 — Entity write API (major release)
Added- Session CRUD — create, update, delete, restore, bulk operations, and custom field updates.
- Contact CRUD — create, update, delete, restore, bulk, and list sessions for a contact.
- Exhibitor & sponsor CRUD — create, update, delete, restore, and bulk.
- Custom field definitions — create, update, delete.
- Organization-scoped contact read endpoints.
- Bearer token authentication alongside
X-Access-Token. - Write scopes enforced on all mutating routes.
- Full OpenAPI schemas for all CRUD endpoints.
- Sidebar reorganized by org scope, event scope, and convenience routes.
April 8 — Reliability
Fixed- Error details from the API are forwarded through the proxy (clearer validation messages).
204 No Contentresponses handled correctly on delete/restore.- Scheduled smoke tests against the dev environment (ongoing quality monitoring).
March 2026
March 25 — Organization contacts
FixedGET /v1/organization/{orgId}/contacts/{contactId}path corrected in the OpenAPI spec (was returning 404 for valid requests).
March 23 — Documentation site
Added- Public API documentation launched at apidocs.sessionboard.com (Mintlify).
- Insights & AI section — MCP server, SbQL, and analytics endpoints.
- EU region base URL documented:
https://public-api-eu.sessionboard.com.
Earlier capabilities
These endpoints predate 2026 but are part of the current API surface:- Session & speaker search —
POST /v1/event/{eventId}/sessions, speaker search, and individual session get (with 3-minute cache on get and search). - GDPR —
GETandPOST /v1/gdpr/requests. - Webhooks — real-time notifications on data changes (Webhooks).
- Insights — SbQL execute, AI query generation, saved reports, and dashboards (Insights overview).

