POST /api/logout

Logs out the authenticated user by invalidating their refresh token and clearing authentication cookies.

Headers

Authorization
string
required
Bearer token for authentication. Format: Bearer <access_token>

Authentication

This endpoint requires a valid JWT access token. The user is identified from the token payload.

Response

message
string
Success message
success
boolean
Indicates successful logout

Cookies Cleared

refreshToken
cookie
The refresh token cookie is cleared from the client

Status Codes

  • 200 - Logout successful
  • 401 - Unauthorized (invalid or missing access token)
  • 500 - Internal server error

Example Request

curl -X POST https://api.deployhub.cloud/api/logout \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Example Response

{
  "message": "Logout Success",
  "success": true
}

Error Responses

{
  "message": "Unauthorized"
}

Process Flow

  1. Validates JWT access token from Authorization header
  2. Retrieves authenticated user from token payload
  3. Clears the user’s refresh token in the database
  4. Clears the refreshToken cookie from the client
  5. Returns success response

Notes

  • After logout, both the access token and refresh token become invalid
  • The client should discard any stored tokens after receiving a successful logout response
  • The refresh token is set to an empty string in the database
  • The operation uses validateBeforeSave: false for performance
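
The process flow and the empty-string note above, modelled as an added JavaScript example; this is not the service's own code. The in-memory user store, the `sub` claim, the cookie attributes and the `refreshAllowed` check for a refresh endpoint are assumptions, and access-token revocation is not modelled.

```javascript
// Added example. All names are hypothetical; the Map stands in for the database.
const nodeCrypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value
const users = new Map([["u1", { refreshToken: "constructed-refresh-token" }]]);

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const hmac = (data) => nodeCrypto.createHmac("sha256", SECRET).update(data).digest();

// Issues an HS256 token so the example has something to verify.
function signAccessToken(payload) {
  const body = `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(payload)}`;
  return `${body}.${hmac(body).toString("base64url")}`;
}

// Step 1: check signature, algorithm and expiry; returns the payload or null.
function verifyAccessToken(token) {
  const [h, p, s, ...rest] = String(token).split(".");
  if (!h || !p || !s || rest.length) return null;
  const expected = hmac(`${h}.${p}`);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(h, "base64url").toString());
    const payload = JSON.parse(Buffer.from(p, "base64url").toString());
    if (header.alg !== "HS256" || !(payload.exp * 1000 > Date.now())) return null;
    return payload;
  } catch { return null; }
}

function logout(headers) {
  const match = /^Bearer (.+)$/.exec(headers.authorization || "");
  const payload = match && verifyAccessToken(match[1]);      // step 1
  const user = payload && users.get(payload.sub);            // step 2 (`sub` is assumed)
  if (!user) return { status: 401, body: { message: "Unauthorized" } };
  user.refreshToken = "";                                    // step 3
  return {
    status: 200,
    setCookie: "refreshToken=; Max-Age=0; Path=/; HttpOnly; Secure", // step 4 (attributes assumed)
    body: { message: "Logout Success", success: true },      // step 5
  };
}

// Refresh-side check: the cleared value "" must never match a presented token.
function refreshAllowed(userId, presented) {
  const stored = users.get(userId)?.refreshToken;
  return Boolean(stored) && Boolean(presented) && stored === presented;
}
```

Because logout stores an empty string rather than deleting the field, the refresh-side comparison has to reject empty values explicitly; a plain equality check would let an empty presented token match a logged-out user.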