Logout
Log out the current session and optionally revoke tokens across all devices.
Logout
POST
/api/v1/auth/logoutLog out the current session and optionally revoke tokens across all devices.
Authentication:Bearer Token
Request Parameters
The request body is optional. With an empty body, the endpoint signs out only the current device (identified from the access token). The fields below control broader logout behavior.
| Parameter | Type | Required | Description |
|---|---|---|---|
refresh_token | string | Optional | The refresh token to revoke for the current session. Only used during a single-device logout (when all_devices is false). The current device is marked inactive regardless. |
all_devices | boolean | Optional | Set to true to sign out from every device, revoking all active sessions and tokens for the user. A force-logout is pushed to each device over WebSocket and FCM. |
except_current | boolean | Optional | Only meaningful together with all_devices: true. Keeps the current device signed in while revoking every other session. |
Code Examples
curl -X POST https://api.orbai.world/api/v1/auth/logout \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
-H "Content-Type: application/json" \
-d '{
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2...",
"all_devices": false,
"except_current": false
}'Responses
200Logout successful. The targeted session(s) have been revoked. Any signed-out devices receive a real-time force-logout notification.
{
"success": true,
"data": {
"success": true
}
}401The access token is missing, invalid, or expired.
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or expired access token."
}
}Related Endpoints
- Login -- Login
- Refresh Token -- Refresh Token
- Device Management & Sessions -- List active devices and sign out a specific one