
POST /api/auth/logout

Logs out the current user by clearing the access and refresh token cookies from the client.

Authentication

No authentication required (clears cookies regardless of validity).

Request Body

No request body required.

Response

message (string): Success message confirming logout.

Cookies Cleared

  • accessToken - Removed from client
  • refreshToken - Removed from client

Example Request

POST /api/auth/logout

Example Response

{
  "message": "Logout successful"
}

Notes

  • This endpoint always returns a success response (status 200)
  • No server-side session invalidation occurs (JWT tokens remain valid until expiry)
  • The tokens are simply removed from the client’s cookies
  • After logout, any existing JWT tokens can still be used if manually provided in requests
  • For enhanced security, consider implementing a token blacklist for true server-side invalidation
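
The token blacklist suggested in the last note could look like the sketch below. It is an added example, not this API's own code. It assumes HS256-signed tokens that carry `jti` and `exp` claims and uses an in-memory `Map` as the store. The names `issueToken`, `verifyToken` and `revokeOnLogout` are hypothetical.

```javascript
// Added example: a jti denylist so that logout revokes the JWT server-side.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 with a shared secret
const denylist = new Map();               // jti -> exp (seconds); a shared store in production

const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

function issueToken(sub, ttlSec, now) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, jti: crypto.randomUUID(), exp: now + ttlSec }));
  return `${header}.${body}.${b64u(mac(`${header}.${body}`))}`;
}

// Returns the claims, or null if the token is malformed, forged, expired or revoked.
// The algorithm is fixed server-side; the token's own "alg" header is never trusted.
function verifyToken(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString()); } catch { return null; }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  if (denylist.has(claims.jti)) return null; // the check the current endpoint lacks
  return claims;
}

// Core of a logout handler: revoke the presented tokens, then clear cookies as before.
function revokeOnLogout(tokens, now) {
  // Entries only need to live until the token would have expired anyway.
  for (const [jti, exp] of denylist) if (exp <= now) denylist.delete(jti);
  for (const t of tokens) {
    const claims = verifyToken(t, now); // invalid or expired tokens need no revocation
    if (claims) denylist.set(claims.jti, claims.exp);
  }
  return { message: 'Logout successful' }; // still always a 200 response, as documented
}
```

Every authenticated route has to call the same `verifyToken` check for the revocation to take effect, and the refresh token must be revoked together with the access token so it cannot mint a new one.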
