POST /api/auth/logout
Logout
curl --request POST \
  --url https://api.example.com/api/auth/logout \
  --header 'Authorization: <authorization>'
{
  "success": true,
  "message": "<string>",
  "data": null
}
Revokes the current authentication session. This endpoint requires authentication.

Authentication

This endpoint requires a valid access token in the Authorization header.
Authorization (string, required): Bearer token for authentication. Format: Bearer <access_token>

Request

No request body is required for this endpoint.

Response

success (boolean): Indicates if the request was successful
message (string): Response message (“Logout successful”)
data (null): No data is returned on successful logout

Example Request

curl -X POST https://api.millenniumpotters.com/api/auth/logout \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Example Response

{
  "success": true,
  "message": "Logout successful",
  "data": null
}

Error Responses

Returned when the Authorization header is missing or malformed.
{
  "success": false,
  "message": "No token provided"
}
Returned when the token is invalid or the session has already been revoked.
{
  "success": false,
  "message": "Invalid or expired session"
}
Returned when the user account has been deactivated.
{
  "success": false,
  "message": "User account is inactive"
}

Implementation Notes

  • Logout primarily handles local session cleanup
  • For Supabase OAuth sessions, logout is primarily handled on the frontend using the Supabase SDK
  • The endpoint accepts both JWT tokens (email/password auth) and Supabase tokens (Google OAuth)
  • After logout, the access token can no longer be used for authentication
  • Use /api/auth/sessions to view all active sessions
  • Use /api/auth/sessions/:sessionId to revoke specific sessions
  • Use /api/auth/sessions/revoke-others to log out from all other devices
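
A client-side logout flow for this endpoint, as an added example that is not the project's own code: it always clears the locally stored token and reports separately whether the server confirmed revocation, using the response messages documented above. The helper names, the `tokenStore` object and the injectable `fetchImpl` are assumptions made for illustration.

```javascript
// Added example, not the project's client code. Helper names are hypothetical;
// the path, header format and messages are the ones documented on this page.
const LOGOUT_PATH = "/api/auth/logout";

// Map a parsed response body to an outcome the caller can act on.
function classifyLogoutBody(body) {
  if (body && body.success === true) return "revoked";
  const msg = body && typeof body.message === "string" ? body.message : "";
  if (msg === "Invalid or expired session") return "already-revoked";
  if (msg === "No token provided") return "no-token";
  if (msg === "User account is inactive") return "account-inactive";
  return "unknown"; // unexpected body: revocation is not confirmed
}

// tokenStore is a hypothetical object with get() and clear();
// fetchImpl is injectable so the flow can be exercised offline.
async function logout(baseUrl, tokenStore, fetchImpl = globalThis.fetch) {
  const token = tokenStore.get();
  let outcome = "no-token";
  try {
    if (token) {
      const res = await fetchImpl(baseUrl + LOGOUT_PATH, {
        method: "POST",
        headers: { Authorization: `Bearer ${token}` },
      });
      outcome = classifyLogoutBody(await res.json());
    }
  } catch (err) {
    outcome = "unknown"; // network or parse failure: server state unknown
  } finally {
    tokenStore.clear(); // always drop the local copy of the token
  }
  // Only these two outcomes mean the server no longer accepts the session.
  const serverSideRevoked = outcome === "revoked" || outcome === "already-revoked";
  return { outcome, serverSideRevoked };
}
```

When `serverSideRevoked` is false, the session can be reviewed and revoked later through the `/api/auth/sessions` endpoints listed above. Supabase OAuth sessions still need the frontend SDK sign-out mentioned in the notes.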
