The Active Sessions page in FreeAgent seems to have been built with browsers in mind, not API access.
It is next to impossible for a FreeAgent user to identify sessions created by an API app. A user might well think their account has been hacked instead, with frequent access from “Unknown Browsers”.
Each active session says, “Expires in 14 days / ‘Remember me’ was checked”. This is misleading for API access because there is no ‘remember me’ to check and the access does not expire in 14 days; at most it expires in 1 hour (the access token’s TTL). I would prefer to see “Expires in 1 hour” and no mention of ‘remember me’.
Furthermore the page used to list the user agent so API applications could be indirectly identified. Now the page simply says “Unknown browser” for API apps. I would prefer to see the name of the API app, which FreeAgent can presumably look up via the access token (which was issued to an approved client id).
Finally, there is no mention of the number of active sessions. One can start logging out of the “sessions” created by using the API, but there could be hundreds and there is no indication of this. I assume that if API access is treated as having an expiry of 1 hour, then the number of active “sessions” will decrease significantly. Still, it would be nice to see a count of the number of active sessions.