POST /api/auth/logout
Logout
curl --request POST \
  --url https://api.example.com/api/auth/logout
{
  "success": true,
  "data": {
    "message": "<string>"
  }
}

Endpoint

Destroys the current session and invalidates the session token. After logout, the token can no longer be used to authenticate requests.

Authentication

Requires a valid session token via:
  • Authorization: Bearer <token> header, or
  • heimdall_session cookie

Request

No request body required.

Example

curl -X POST https://heimdall.example.com/api/auth/logout \
  -H "Authorization: Bearer <your_session_token>"

Response

Success Response

  • success (boolean): Always true for successful logout
  • data (object)
{
  "success": true,
  "data": {
    "message": "Logged out"
  }
}

Error Responses

{
  "success": false,
  "error": {
    "code": 401,
    "message": "No session token provided"
  }
}

{
  "success": false,
  "error": {
    "code": 500,
    "message": "Internal server error"
  }
}

Notes

  • Logout is idempotent — calling it multiple times with the same token (even after invalidation) returns success
  • Invalid or expired tokens also receive a 200 success response
  • After logout, the session is permanently deleted from the database
  • If using cookies, the client should clear the heimdall_session cookie after receiving the logout response
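
A client-side logout handler built on the behaviour documented above, as an added example that is not part of the Heimdall documentation or code base. It assumes the host from the curl example, a dict-like cookie store, and that a 500 may leave the session alive on the server (hence the retries); the function names are hypothetical.

```python
import json
import urllib.error
import urllib.request

# Assumption: host taken from the page's curl example.
LOGOUT_URL = "https://heimdall.example.com/api/auth/logout"


def http_post(url, headers):
    """Empty-body POST; returns (status, text) for error statuses too."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except OSError:
        return 0, ""  # network failure: no HTTP response at all


def logout(token, cookies, post=http_post, retries=2):
    """Log out, then drop the local credential whatever the server said.

    cookies is a dict-like store (hypothetical stand-in for the client's
    cookie jar). Returns {"server_confirmed": bool, "message": str}.
    """
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    confirmed, message = False, "no response"
    for _ in range(retries + 1):
        status, text = post(LOGOUT_URL, headers)
        try:
            body = json.loads(text)
        except ValueError:
            body = None
        if not isinstance(body, dict):
            body = {}
        if status == 200 and body.get("success") is True:
            # 200 is also returned for invalid or expired tokens, so this
            # means "token is unusable", not "token was valid".
            confirmed = True
            message = (body.get("data") or {}).get("message", "")
            break
        message = (body.get("error") or {}).get("message", f"HTTP {status}")
        if status != 500:
            break  # e.g. 401: no token was sent, a retry cannot help
    # Clear the cookie even on failure so the client stops sending it;
    # server_confirmed=False tells the caller the session may still exist.
    cookies.pop("heimdall_session", None)
    return {"server_confirmed": confirmed, "message": message}
```

A caller that gets server_confirmed set to False should surface the failure rather than report a clean logout.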
