/v1/sessions/{session_id}/plugins/{plugin_id}Session-scoped admin route. Direct session callers first fetch /api/s/{session_id}/auth-challenge, then send X-Taiku-Session-Nonce, X-Taiku-Session-Key, and X-Taiku-Session-Auth. The host runtime handles this automatically when session admin actions are available.
Authorization
sessionChallengeHeader sessionViewerProofHeader sessionWriteProofHeader One-time session auth challenge returned by /api/s/{session_id}/auth-challenge.
In: header
Base64-encoded proof of the one-time challenge, derived from the session secret.
In: header
Base64-encoded proof of the same challenge, derived from the session write/admin secret.
In: header
Path Parameters
Current session identifier.
Plugin identifier.
Header Parameters
Fresh one-time challenge/nonce returned by /api/s/{session_id}/auth-challenge. Must match the nonce used to derive the session proof headers.
Base64-encoded proof of the server-provided challenge, derived from the session secret for viewer access.
Base64-encoded proof of the same challenge, derived from the session write/admin secret. Required for writer routes when the session is write-protected, and required for admin routes.
Request Body
application/json
Toggle payload.
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
text/plain
text/plain
text/plain
curl -X PATCH "/api/v1/sessions/string/plugins/string" \ -H "Content-Type: application/json" \ -d '{ "enabled": true }'{
"ok": true
}"missing session auth challenge""tunnel admin auth required""Session not found"