Logout
Signs out the current user session by transitioning the user status to logged_out. This endpoint requires authentication and does not invalidate tokens, but marks the user session as logged out.
Endpoint
GET /auth/logout
Authentication: Tenant authentication and user authentication required
Description
The logout endpoint allows authenticated users to sign out from their current session. When a user logs out:
- The user's status is transitioned to logged_out
- The operation returns a success response
Important: After a successful logout, the application must immediately discard and stop using the access token. Although the token remains technically valid until it expires, if the application continues to send API requests with the old access token after logout, the system will automatically mark the user as logged in again, effectively undoing the logout operation. Therefore, the application should delete the access token from storage and never send it in subsequent API requests.
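The following is an added example, not code from the API or its documentation: an in-memory stand-in for the server together with a minimal client, showing the behaviour the paragraph above describes and how a client should handle it. The stand-in server, the token value `tok-abc`, the user record, the `storage` object and the `/some/resource` path are all constructed for this illustration; a real client would send the `x-token` header with its HTTP library instead of calling the stand-in directly.

```javascript
// Added example, not the API's own code: an in-memory stand-in for the
// server plus a minimal client, showing why the access token must be dropped
// after GET /auth/logout. The token value "tok-abc", the user record and the
// `storage` object are all constructed for this illustration.

// Constructed server stand-in. It reproduces only the documented behaviour:
// logout sets the user's status to logged_out but leaves the token valid, and
// any later request carrying that token flips the status back to logged_in.
function createFakeServer() {
  const users = new Map([["tok-abc", { id: "user-1", status: "logged_in" }]]);
  return {
    handle(method, path, headers) {
      const meta = { requestId: "req-example", timestamp: new Date().toISOString() };
      const user = users.get(headers["x-token"]);
      if (!user) throw new Error("constructed stand-in: unknown token");
      if (method === "GET" && path === "/auth/logout") {
        user.status = "logged_out";
        return { status: 200, body: { meta, data: { success: true } } };
      }
      user.status = "logged_in"; // reuse of the old token undoes the logout
      return { status: 200, body: { meta, data: {} } };
    },
    statusOf(token) {
      return users.get(token).status;
    },
  };
}

// Client wrapper. `storage` stands in for wherever the app keeps the token.
function createClient(server, initialToken) {
  const storage = { accessToken: initialToken };
  return {
    request(method, path) {
      if (storage.accessToken === null) {
        throw new Error("logged out: no access token, request not sent");
      }
      return server.handle(method, path, { "x-token": storage.accessToken });
    },
    logout() {
      try {
        return this.request("GET", "/auth/logout");
      } finally {
        storage.accessToken = null; // discard even if the call failed
      }
    },
    hasToken() {
      return storage.accessToken !== null;
    },
  };
}

// Correct flow: logout, then every further call is refused locally, so the
// server never sees the old token again and the status stays logged_out.
function correctLogoutScenario() {
  const server = createFakeServer();
  const client = createClient(server, "tok-abc");
  const response = client.logout();
  let refused = false;
  try {
    client.request("GET", "/some/resource");
  } catch (e) {
    refused = true;
  }
  return {
    success: response.body.data.success,
    tokenKept: client.hasToken(),
    status: server.statusOf("tok-abc"),
    refused,
  };
}

// Faulty flow: the app keeps the token after logout and sends one more
// request with it, which re-marks the user as logged in.
function leakedTokenScenario() {
  const server = createFakeServer();
  server.handle("GET", "/auth/logout", { "x-token": "tok-abc" });
  const afterLogout = server.statusOf("tok-abc");
  server.handle("GET", "/some/resource", { "x-token": "tok-abc" });
  return { afterLogout, afterReuse: server.statusOf("tok-abc") };
}
```

The client clears the token in a `finally` block, so it is dropped even when the logout request itself fails; at worst the user has to sign in again, whereas keeping a token around after a logout attempt is exactly the condition the paragraph above warns about. Guarding `request()` on the presence of a token is what prevents a stray background call from silently re-marking the user as logged in.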
Request
No request body is required for this endpoint. The user must be authenticated via the x-token header containing a valid JWT access token.
Response
Status Code: 200 OK
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "data": {
    "success": true
  }
}
```

| Field | Type | Description |
|---|---|---|
| success | boolean | Always true on success |
Rate Limiting
Rate limiting is applied to prevent abuse and ensure system stability. The logout endpoint has the following rate limits:
| Limit Type | Rate | Window |
|---|---|---|
| Per IP | 30 requests | 1 hour |
When rate limits are exceeded, the API returns a 429 Too Many Requests status code.
For information about rate limit headers, see Rate Limiting in the overview.
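The following is an added example, not the service's own implementation: a per-IP limiter that enforces the limit documented above (30 requests per 1-hour window) and returns the 429 body shown in the Errors section. The page does not say which algorithm the service uses, so the sliding-window choice, the `retryAfterMs` field, and the IP addresses, request ids and timestamps are all assumptions constructed for this example.

```javascript
// Added example, not the service's own implementation: a per-IP sliding-window
// limiter that enforces the documented limit (30 requests per 1-hour window)
// and produces the documented 429 body. The page does not say which algorithm
// the service uses, so the sliding window is an assumption; the IPs, request
// ids and timestamps below are constructed.

const LOGOUT_LIMIT = 30;
const WINDOW_MS = 60 * 60 * 1000;

function createRateLimiter(limit = LOGOUT_LIMIT, windowMs = WINDOW_MS) {
  const history = new Map(); // ip -> timestamps (ms) of requests still inside the window
  // `nowMs` is injected rather than read from Date.now() so behaviour is deterministic.
  return function check(ip, nowMs, requestId = "req-example") {
    const recent = (history.get(ip) || []).filter((t) => nowMs - t < windowMs);
    if (recent.length >= limit) {
      history.set(ip, recent);
      return {
        status: 429,
        // the oldest request still in the window decides when capacity frees up
        retryAfterMs: recent[0] + windowMs - nowMs,
        body: {
          meta: { requestId, timestamp: new Date(nowMs).toISOString() },
          error: { message: "Too many requests", code: "TOO_MANY_REQUESTS", status: 429 },
        },
      };
    }
    recent.push(nowMs);
    history.set(ip, recent);
    return { status: 200, remaining: limit - recent.length };
  };
}

// Drives the limiter through the boundary cases: the 30th request passes, the
// 31st within the hour is rejected, another IP is counted separately, and the
// same IP is allowed again once its requests have aged out of the window.
function simulate() {
  const check = createRateLimiter();
  const ip = "203.0.113.7";
  const t0 = 1700000000000; // constructed epoch milliseconds
  let last = null;
  for (let i = 0; i < LOGOUT_LIMIT; i++) {
    last = check(ip, t0 + i * 1000);
  }
  const thirtieth = last;
  const thirtyFirst = check(ip, t0 + LOGOUT_LIMIT * 1000);
  const otherIp = check("198.51.100.9", t0 + LOGOUT_LIMIT * 1000);
  const afterWindow = check(ip, t0 + WINDOW_MS + LOGOUT_LIMIT * 1000);
  return {
    thirtiethStatus: thirtieth.status,         // 200
    thirtiethRemaining: thirtieth.remaining,   // 0
    thirtyFirstStatus: thirtyFirst.status,     // 429
    thirtyFirstCode: thirtyFirst.body.error.code,
    retryAfterMs: thirtyFirst.retryAfterMs,    // 3570000
    otherIpStatus: otherIp.status,             // 200
    afterWindowStatus: afterWindow.status,     // 200
  };
}
```

A sliding window is used here because it counts exactly the requests made in the last hour; a fixed hourly bucket would let a client send up to twice the limit across a bucket boundary. The in-memory `Map` is fine for a single process; a multi-instance deployment needs the counters in shared storage so every instance sees the same per-IP history.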
Errors
For detailed explanations of all error codes, see the Error Codes page where you can find all system errors.
403 Forbidden - Restricted Capability
Occurs when the logout capability is restricted for the tenant or user.
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Capability logout is restricted",
    "code": "RESTRICTED_CAPABILITY",
    "status": 403
  }
}
```
429 Too Many Requests - Rate Limit Exceeded
Occurs when the rate limit is exceeded. See Rate Limiting section for details.
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Too many requests",
    "code": "TOO_MANY_REQUESTS",
    "status": 429
  }
}
```
500 Internal Server Error
Occurs when an internal error happens during logout. Common causes include missing user context or other unexpected system state.
Error codes:
- UNEXPECTED_STATE - Unexpected system state (e.g., missing user context)
- INTERNAL_SERVER - General internal server error
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Missing user context",
    "code": "UNEXPECTED_STATE",
    "status": 500
  }
}
```

```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Something went wrong on our side.",
    "code": "INTERNAL_SERVER",
    "status": 500
  }
}
```
Notes
- After logout, the application must delete the access token from local storage and never use it again
- If the old access token is used after logout, the user will be automatically marked as logged in