Authentication
Invalidate session
Revoke an active access token to log out a user and end their session.
The Invalidate Session endpoint allows you to log out a user by revoking their active access and refresh tokens. This ensures that the session can no longer be used to authenticate API requests.
Endpoint
Headers
Key | Value | Required |
|---|---|---|
Content-Type | application/json | Yes |
Authorization | Bearer <access_token> | Yes |
Request Body
Optional, depending on whether you want to target a specific session or all sessions.
Field | Type | Description |
|---|---|---|
session_id | string | If provided, only the specified session is invalidated. If omitted, the current session is invalidated. |
Response
Successful Response (200 OK)
Field | Type | Description |
|---|---|---|
message | string | Confirmation message. |
session_id | string | The ID of the invalidated session (if provided). |
Error Response (401 / 404)
Error Code | Meaning |
|---|---|
unauthorized | Missing or invalid access token. |
invalid_session | The session does not exist or is already invalid. |
Example Usage
cURL
JavaScript (Fetch)
Use this endpoint when a user logs out or if you need to revoke a compromised session. For security, all tokens tied to the invalidated session are immediately unusable.