Authentication

Invalidate session

Revoke an active access token to log out a user and end their session.

DELETE

https://api.docly.com/v1/auth/session

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

200

401

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

200

401

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

200

401

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

Terminate an active authentication session and revoke its associated tokens.

Use this endpoint to log a user out, revoke compromised credentials, or enforce session termination across devices.

Authorizations

Authorization

string

required

A valid access token identifying the session to invalidate.

Format: Authorization: Bearer <access_token>

The token must belong to an active sessio

Response Fields

success

boolean

required

Indicates whether the session was successfully invalidated.

invalidated_session_id

string

required

Identifier of the session that was terminated.

revoked_tokens

integer

required

Number of tokens revoked as part of the invalidation.

revoked_at

string

required

ISO 8601 timestamp indicating when the session was invalidated.

Example: "2026-02-16T15:42:12Z"

Error Fields

error_code

string

required

Machine-readable identifier describing the failure.

Possible values:

  • session_not_found

  • session_already_invalidated

  • unauthorized

  • insufficient_permissions

error_description

string

required

Detailed explanation of why the request failed.

Previous

Next

Authenticate user

Next

Need help? Contact Support

Join our Discord Community

Questions? Contact Sales

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

200

401

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

Create a free website with Framer, the website builder loved by startups, designers and agencies.