Logout
POST
/auth/logout/
const url = 'https://example.com/auth/logout/';const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/auth/logout/ \ --header 'Authorization: Bearer <token>'Revoke all refresh tokens and bump token_version for the current user.
SEC-S15 (Phase 1062-01): revoke_all_tokens bumps User.token_version so the access JWT used for this logout call (and any other outstanding access JWTs) are rejected on the next authenticated request — closing the “logout doesn’t invalidate the access JWT” gap.
Authorizations
Section titled “Authorizations ”Responses
Section titled “ Responses ”Successful Response
Bad request — invalid query parameters or payload
ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
Example
{ "type": "about:blank"}Unauthorized — missing or invalid credentials
ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
Example
{ "type": "about:blank"}Forbidden — caller lacks access to this resource
ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
Example
{ "type": "about:blank"}Not found
ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
Example
{ "type": "about:blank"}Validation error
ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
Example
{ "type": "about:blank"}Internal server error
ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
Example
{ "type": "about:blank"}