POST /api/auth/logout
Logout
curl --request POST \
  --url https://api.example.com/api/auth/logout \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "refreshToken": "<string>"
}
'
{
  "success": true,
  "message": "<string>"
}
Logs out the current user by revoking their refresh token. This prevents the refresh token from being used to obtain new access tokens. Requires authentication.

Authentication

Authorization
string
required
Bearer token with a valid access token. Format: Bearer <access_token>

Request Body

refreshToken
string
required
The refresh token to revoke. Must belong to the authenticated user.

Response

success
boolean
Indicates if the request was successful.
message
string
Success message confirming logout.

Error Responses

401 Unauthorized
Missing or invalid access token.
{
  "success": false,
  "error": {
    "message": "Unauthorized",
    "statusCode": 401
  }
}
400 Bad Request
Invalid request body or validation error.
{
  "success": false,
  "error": {
    "message": "Validation error",
    "statusCode": 400,
    "details": []
  }
}

Example Request

curl -X POST https://api.example.com/api/auth/logout \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -d '{
    "refreshToken": "rt_clx1234567890abcdef"
  }'

Example Response

{
  "success": true,
  "message": "Logged out successfully"
}

Notes

  • After logout, the access token remains valid until it expires naturally
  • The refresh token is immediately revoked and cannot be used again
  • Client applications should discard both tokens after calling this endpoint
  • This endpoint requires a valid, non-expired access token
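
A client-side logout routine that follows the notes above, added here as an example and not taken from the API's own code or SDK. It calls the endpoint, discards both tokens whether or not the call succeeded, and reports whether the refresh token was actually revoked; the `store` dict, the `send` transport hook and the returned fields are assumptions of this example.

```python
import json
import urllib.error
import urllib.request

LOGOUT_URL = "https://api.example.com/api/auth/logout"  # from the page's example request


def http_post(url, headers, body):
    """Default transport: JSON POST, returns (status, parsed JSON body)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a JSON body
        return err.code, json.loads(err.read() or b"{}")


def logout(store, send=http_post):
    """Ask the server to revoke the refresh token, then drop both tokens.

    `store` is a hypothetical dict holding 'access_token' and 'refresh_token'.
    Returns {'revoked', 'status', 'detail'}; revoked=False means the refresh
    token may still be usable server-side and the caller should surface that.
    """
    access, refresh = store.get("access_token"), store.get("refresh_token")
    result = {"revoked": False, "status": None, "detail": "no tokens held"}
    try:
        if access and refresh:
            headers = {"Authorization": f"Bearer {access}",
                       "Content-Type": "application/json"}
            status, body = send(LOGOUT_URL, headers, {"refreshToken": refresh})
            # Assumption: success is a 2xx status with "success": true.
            ok = 200 <= status < 300 and body.get("success") is True
            detail = body.get("message") if ok else (body.get("error") or {}).get("message")
            result = {"revoked": ok, "status": status, "detail": detail}
    except (OSError, ValueError) as exc:  # network failure or non-JSON reply
        result = {"revoked": False, "status": None, "detail": str(exc)}
    finally:
        # Discard locally in every case: the access token stays valid until
        # it expires, so it must not outlive the session on the client.
        store.pop("access_token", None)
        store.pop("refresh_token", None)
    return result
```

A 401 result here (for example, because the access token had already expired) leaves `revoked` false, which is the case worth logging or retrying after re-authentication.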
