POST /api/auth/logout
Logout
curl --request POST \
  --url https://api.example.com/api/auth/logout
{
  "message": "<string>"
}
Client-side logout endpoint. Since Cognito uses stateless JWTs, there is no server-side token invalidation. The client is responsible for discarding stored tokens (access token, refresh token) to complete the logout process.

Authentication

This is a public endpoint that does not require authentication.

Rate Limiting

This endpoint is not rate-limited.

Request Body

This endpoint does not require a request body.

Request Example

curl -X POST https://api.example.com/api/auth/logout

Response

Success Response (200 OK)

message (string): Confirmation message. Always returns "Logged out successfully".
{
  "message": "Logged out successfully"
}

Notes

  • Server-side token invalidation is not supported. Cognito uses stateless JWTs that cannot be revoked before their expiration time.
  • The client application must:
    • Delete the access token from local storage/cookies
    • Delete the refresh token from local storage/cookies
    • Redirect the user to the login page or public landing page
  • Existing access tokens will remain valid until they expire (typically 1 hour after issuance)
  • For immediate invalidation, consider implementing a token blacklist on the server side, but this is not provided by default
  • This endpoint always returns a success response, regardless of whether the user was previously authenticated
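
One way to build the server-side token blacklist mentioned in the notes above, as an added example that is not part of this API or its documentation: a denylist keyed by the token's jti claim, where each entry is dropped once the token's exp has passed, so the list never outgrows the set of live tokens. It assumes the claims come from an access token whose signature has already been verified; the TokenDenylist class and its method names are hypothetical, and a deployment with several server instances would need a shared store instead of process memory.

```python
import heapq
import threading
import time

# Assumption: `claims` is the payload of an access token whose signature
# and issuer were already verified by the API's normal JWT validation.
class TokenDenylist:
    """In-memory denylist of revoked JWT IDs; entries expire with the token."""

    def __init__(self):
        self._revoked = {}   # jti -> exp (Unix seconds)
        self._expiry = []    # min-heap of (exp, jti) for cheap pruning
        self._lock = threading.Lock()

    def _prune(self, now):
        # An expired token is rejected on exp alone, so its entry can go.
        while self._expiry and self._expiry[0][0] <= now:
            exp, jti = heapq.heappop(self._expiry)
            if self._revoked.get(jti) == exp:
                del self._revoked[jti]

    def revoke(self, claims, now=None):
        """Call from the logout handler to invalidate this token at once."""
        now = time.time() if now is None else now
        jti, exp = claims.get("jti"), claims.get("exp")
        if not jti or not isinstance(exp, (int, float)):
            raise ValueError("token lacks jti or exp; cannot be denylisted")
        with self._lock:
            self._prune(now)
            if exp > now and jti not in self._revoked:
                self._revoked[jti] = exp
                heapq.heappush(self._expiry, (exp, jti))

    def is_active(self, claims, now=None):
        """True only if the token is unexpired and not revoked (fails closed)."""
        now = time.time() if now is None else now
        jti, exp = claims.get("jti"), claims.get("exp")
        if not jti or not isinstance(exp, (int, float)) or exp <= now:
            return False
        with self._lock:
            self._prune(now)
            return jti not in self._revoked

    def __len__(self):
        with self._lock:
            return len(self._revoked)
```

The check in is_active has to run on every authenticated request, after signature validation, for a logout to take effect before the token expires.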
