
Logout

POST /auth/v1/user/signout

API Description

User logout API, used to securely terminate a user session.

Features

  • Cleans up the refresh_token record corresponding to the token on the backend.
  • Marks the access_token as invalid.
  • Supports clients proactively clearing locally cached tokens.
  • When logging out from third-party authorization sessions, whether a third-party logout URL is generated depends on the corresponding identity provider configuration.

Input Requirements

Required Parameters

  • Authorization: Bearer authentication in the request header, in the format Bearer ${access_token}.

Optional Parameters

  • client_id: Client ID of the application. Defaults to the environment ID and can be omitted.
  • x-device-id: Device ID of the current logged-in device.
  • redirect_uri: Redirect URL after successful logout (optional).
  • state: State parameter to be appended to the redirect URL after logout (optional).

Prerequisites

  • The user must be in a logged-in state.
  • The access_token must be valid and not expired.
  • The client must cache the access_token in order to call the logout API.

Output

Successful Response

  • HTTP 200 indicates logout succeeded.
  • A redirect_uri may be returned for page redirection.

Request Example

POST /auth/v1/user/signout
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ.hOKXMtMmtbeyZSlnlprXIGVtKpBw8t7Syq45sqMX3oC2TqZ4Gl4AieQCyQF6KMLh4BH3PHt_eoJxJGQYJXx-bXalP_S94A22KpiB0n5tVb8MAV_8YbTT0oNgQeQMkGgfMMfEECle82daASgxEIHUO0UyhY0mC3O3FoGpO6rrOXVL_mOCd3Ij80dMy59XjEJn3wmnnIS3bMLAIM2GodUYT9s9C1z_p6JPWlCbxlTxst6q_lHGwvpcO8UxWvra8zQbfStn0Kej3anEYfnuWYcgLAfkAPv3eeWHii0_nLTC300Kwnhk4RCFQ7U89XHoJ4O773DeA9c4ZFdXjHicysBDUQ
x-device-id: device_123456
Content-Type: application/json

{}

Response Examples

Successful Response

{
  "redirect_uri": "https://example/logout-callback?state=logout_state_123"
}

Invalid Parameter Response

{
  "error": "invalid_argument",
  "error_code": 3,
  "error_description": "device id must less than 72"
}

Usage Flow

1. Client clears local tokens

  • Delete locally stored access_token and refresh_token.
  • Clear related user session information.

2. Call the logout API

  • Call the logout API with a valid access_token.
  • Optionally pass redirect URL and state parameters.

3. Handle server response

  • If a redirect URL is returned, perform page redirection.
  • If an error is returned, handle it accordingly.

4. Verify token status

  • Call the Verify Token API to confirm that the token has become invalid.
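A client-side sketch of steps 1 to 3, added here as an example and not taken from the platform's SDK: it snapshots the access_token in memory before clearing storage so the logout call can still be authenticated, retries only on 5xx responses, and follows a returned redirect_uri only when its origin is allowlisted. The host in API_BASE, the storage key names, the origin allowlist and all helper names are assumptions; step 4 is left out because the Verify Token endpoint is not described on this page.

```javascript
// Added example. API_BASE, the storage key names and helper names are assumptions.
const API_BASE = "https://auth.example.invalid"; // placeholder host

// Build the POST /auth/v1/user/signout request from an in-memory token snapshot.
function buildSignoutRequest({ accessToken, deviceId, redirectUri, state }) {
  if (!accessToken) throw new Error("no cached access_token; cannot call signout");
  // Limit inferred from the page's error example ("device id must less than 72").
  if (deviceId && deviceId.length >= 72) throw new Error("x-device-id too long");
  const headers = { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json" };
  if (deviceId) headers["x-device-id"] = deviceId;
  const body = {};
  if (redirectUri) body.redirect_uri = redirectUri;
  if (state) body.state = state;
  return { url: `${API_BASE}/auth/v1/user/signout`, method: "POST", headers, body: JSON.stringify(body) };
}

// Follow a returned redirect_uri only if its origin is allowlisted and any
// state it carries is the one this client sent.
function safeRedirect(returned, sentState, allowedOrigins) {
  let url;
  try { url = new URL(returned); } catch { return null; }
  if (!allowedOrigins.includes(url.origin)) return null;
  const echoed = url.searchParams.get("state");
  if (echoed !== null && echoed !== sentState) return null;
  return url.href;
}

// store: localStorage-like object; fetchFn: fetch-compatible function.
async function signOut(store, fetchFn, opts, allowedOrigins, maxAttempts = 3) {
  const accessToken = store.getItem("access_token"); // snapshot for the API call
  store.removeItem("access_token");                  // step 1: clear local tokens
  store.removeItem("refresh_token");
  const req = buildSignoutRequest({ ...opts, accessToken });
  for (let attempt = 1; ; attempt++) {
    const res = await fetchFn(req.url, req);         // step 2: call the logout API
    if (res.status === 200) {                        // step 3: handle the response
      const data = await res.json().catch(() => ({}));
      return { ok: true, redirect: safeRedirect(data.redirect_uri, opts.state, allowedOrigins) };
    }
    // Retry only server-side (5xx) failures, and only a bounded number of times.
    if (res.status < 500 || attempt >= maxAttempts) return { ok: false, status: res.status };
  }
}
```

In a browser, pass `localStorage` and `fetch` as `store` and `fetchFn`, and add a delay between retries.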

Notes

Security Rules

  • The JWT token is stored on the client and must be cleared by the client proactively.
  • After logout, the access_token becomes invalid immediately.
  • The refresh_token is marked as unusable.

Error Handling

  • If the access_token has already expired, the logout API still returns success.
  • If the device ID length exceeds the limit, a parameter error occurs.
  • For server internal errors, you should implement a retry mechanism.

Request

Query Parameters

    client_id string

    Client ID of the application. It can be obtained from Cloud Development Platform -> Identity Authentication -> Development Settings. Defaults to the environment ID and can be omitted.

Header Parameters

    x-device-id string

    Device ID, the ID of the current logged-in device. The client should generate it randomly and cache it on the client. This parameter is related to the number of logged-in accounts.

    Authorization string required

    The access_token of the currently logged-in user, in the format Bearer xxx

    Example: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ

Body

    redirect_uri string

    Redirect URI after successful sign out, optional

    state string

    State parameter carried in redirect URI after sign out, optional

Responses

A successful response.

Response Headers
    Schema
      redirect_uri string

      Redirect URI after successful sign out, optional
