Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/GaelCeballos/Smart_Enviro_Backend/llms.txt

Use this file to discover all available pages before exploring further.

The logout endpoint revokes the current bearer token and clears the current_token field on the user record, releasing the single-session lock enforced by Smart Enviro Backend. After calling this endpoint, the same credentials can be used to log in from any device.
Endpoint
FieldValue
MethodDELETE
Path/api/logout
Auth requiredYes — Authorization: Bearer {token}

Request Example

curl -X DELETE http://localhost/api/logout \
  -H "Authorization: Bearer 1|abc123..."
No request body is required. The user identity is resolved entirely from the bearer token in the Authorization header.

What Happens on Logout

Calling this endpoint performs two operations atomically:
  1. Clears users.current_token — Sets the current_token column on the authenticated user’s record to null, releasing the single-session lock so the account can log in again from any device.
  2. Deletes the Sanctum token record — Removes the corresponding row from the personal_access_tokens table via currentAccessToken()->delete(), immediately invalidating the token for all future requests.
After a successful logout, any subsequent request using the same bearer token will be rejected with 401 Unauthorized.

Responses

200 OK — Logout successful

The token was revoked and the session lock was cleared.
{"status": "success", "message": "Cierre de sesión exitoso"}
status
string
Always "success" on a 200 response.
message
string
Human-readable confirmation message ("Cierre de sesión exitoso").

401 Unauthorized — No valid token provided

Returned when the Authorization header is missing, malformed, or contains a token that has already been revoked.
{"status": "error", "message": "Usuario no autenticado"}

This endpoint uses the HTTP DELETE method, not POST. Ensure your HTTP client or mobile app explicitly sets the request method to DELETE — some clients default to GET or POST when a body is not provided.
Once a token is revoked it cannot be recovered. If your client loses the token before calling logout, the only way to release the single-session lock is to contact an administrator to clear current_token directly, or to call DELETE /api/logout with the original token if it is still available.

Build docs developers (and LLMs) love