Skip to main content

POST /logout

Sign out

Clears the server-held token and drops the session.

Authentication

Requires the X-Session header (the opaque session id from POST /login). See Authentication.

Request

No request body.

Responses

200

Logged out.

FieldTypeRequiredDescription
okbooleanyes

Example

{
"ok": true
}

401

Authentication required. Two shapes share this status: a session-layer 401 (a plain Error, no reauth flag) means a missing or unknown/expired X-Session — re-login for a new session id; a token-layer 401 (ReauthError with reauth: true) means the server-held token expired — re-run POST /login and retry.

Error handling

This endpoint can return the statuses below. For request bodies and the client action per status, see the full error contract.

StatusMeaning
401Authentication required. Two shapes share this status: a session-layer 401 (a plain Error, no reauth flag) means a missing or unknown/expired X-Session — re-login for a new session id; a token-layer 401 (ReauthError with reauth: true) means the server-held token expired — re-run POST /login and retry.
Distinguish 401-reauth from 403

A 401 with { "reauth": true } means the server-held token expired — re-run POST /login and retry. A 403 is a real authorization denial — surface it; retrying will not help.