# User Connections

User connection APIs operate on connections that completed `pusher:signin`.

Use these APIs when your backend needs to target or remove a user by `user_id`, regardless of which channels they joined.

## Send events to a user

```text
POST https://api.vask.dev/apps/{app_key}/users/{user_id}/events
```

```json
{
    "name": "notification.created",
    "data": "{\"body\":\"Your report is ready\"}"
}
```

The event is delivered to every active connection signed in as `{user_id}`.

Client binding:

```js
pusher.signin();

pusher.user.bind('notification.created', (event) => {
    console.log(event.body);
});
```

## Terminate user connections

```text
POST https://api.vask.dev/apps/{app_key}/users/{user_id}/terminate_connections
```

```json
{}
```

Vask closes all active sockets signed in as `{user_id}` with close code `4200`.

## Banning a user

Termination is immediate, but it does not permanently block reconnects. To ban a user:

1. Update your application so future user auth requests for that user fail.
2. Call `terminate_connections` for the same `user_id`.

If step 1 is skipped, the SDK can reconnect and sign in again.

## Presence is not enough

This API only affects connections that completed user authentication. A connection that joined a presence channel but never sent `pusher:signin` is not terminated by user id.

## Related docs

- [User authentication](/docs/user-authentication)
- [HTTP API reference](/docs/http-api)
- [Watchlist events](/docs/watchlist-events)