Revoke or Logout JWT Token

This endpoint allows you to revoke a previously issued token, immediately invalidating it and preventing further access. Once revoked, the token can no longer be used for authentication or authorization, ensuring enhanced security and control over user sessions.

Use Cases

  1. Logout a user by invalidating their active JWT token.
  2. Revoke a compromised or outdated token to enhance security.
  3. Enforce session control by manually revoking tokens.

Endpoint

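POST /app/{app_id}/revoke-token

Note: the example requests below call /app/{{app-id}}/logout rather than /revoke-token. Confirm which path your deployment exposes before relying on either.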

Headers

Name Type Required Description
Authorization string Yes The app-key of the project.

Example Request

# Revoke (log out) a JWT by POSTing it to the app's logout route.
# Replace the {{...}} placeholders first. The Authorization header carries the
# app-key of the project, not the JWT; the JWT to revoke goes in the JSON body.
# NOTE(review): the URL uses plain http://, so the app-key and the token travel
# unencrypted; use an https:// endpoint outside local testing.
# NOTE(review): the path here is /logout while the Endpoint section lists
# /revoke-token — confirm which one the server exposes.
curl --request POST \
--url http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/logout \
--header 'Authorization: {{app-key}}' \
--header 'content-type: application/json' \
--data '{
"token":"eyJhbGciOiJFUzI1NiIsImtpZCI6IjAxSk1WMjhGSlZCS0YwSkcwWVNHNjU1RUhZIiwidHlwIjoiSldUIn0.eyJhdWQiOiJ3ZWItYXBwIiwiZXhwIjoxNzQwNDI2ODg5LCJpYXQiOjE3NDA0MjMyODksImlwIjoiMS4xLjEuMSIsImlzcyI6ImFwcF8yIiwiamlkIjoiMDFKTVdNWlBFWFpLOEtLQkUxSllCQUdCOVYiLCJuYmYiOjE3NDA0MjMyODksInBlcnNvbmFsIjp7Im5hbWUiOiJ0ZXN0LXVzZXIifSwic3ViIjoidGVzdEB0ZXN0LmNvbSIsInVzZXJhZ2VudCI6Im15LXVzZXItYWdlbnQifQ.OY8tCesz-VlIg0kUeCEmKmpWVQ_bxfUEIMa0dZEfNM7x_6z139E8Of4hrffyRCmR3icsuIW5ICvj5QI2aD0I2g"
}'
const request = require('request');

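// Revoke (log out) a JWT: POST it to the app's logout route, authenticated with
// the project's app-key in the Authorization header.
// NOTE(review): the URL uses plain http://, so the app-key and the token are sent
// unencrypted; prefer an https:// endpoint outside local testing.
// NOTE(review): this path is /logout while the Endpoint section lists
// /revoke-token — confirm which one the server exposes.
const options = {
    method: 'POST',
    url: 'http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/logout',
    headers: {Authorization: '{{app-key}}', 'content-type': 'application/json'},
    body: {
        // The JWT to revoke (sample value).
        token: 'eyJhbGciOiJFUzI1NiIsImtpZCI6IjAxSk1WMjhGSlZCS0YwSkcwWVNHNjU1RUhZIiwidHlwIjoiSldUIn0.eyJhdWQiOiJ3ZWItYXBwIiwiZXhwIjoxNzQwNDI2ODg5LCJpYXQiOjE3NDA0MjMyODksImlwIjoiMS4xLjEuMSIsImlzcyI6ImFwcF8yIiwiamlkIjoiMDFKTVdNWlBFWFpLOEtLQkUxSllCQUdCOVYiLCJuYmYiOjE3NDA0MjMyODksInBlcnNvbmFsIjp7Im5hbWUiOiJ0ZXN0LXVzZXIifSwic3ViIjoidGVzdEB0ZXN0LmNvbSIsInVzZXJhZ2VudCI6Im15LXVzZXItYWdlbnQifQ.OY8tCesz-VlIg0kUeCEmKmpWVQ_bxfUEIMa0dZEfNM7x_6z139E8Of4hrffyRCmR3icsuIW5ICvj5QI2aD0I2g'
    },
    // json: true makes the library send `body` as JSON and parse the JSON reply.
    json: true
};

request(options, function (error, response, body) {
    // Transport-level failure: rethrow the original error so its stack and
    // code are preserved instead of being flattened into a new message.
    if (error) throw error;

    // Any status other than 200 (400/403/500 per the Responses table) means the
    // token was NOT revoked; surface that instead of logging it like a success.
    if (response.statusCode !== 200) {
        throw new Error(`Token revocation failed: HTTP ${response.statusCode} ${JSON.stringify(body)}`);
    }

    console.log(body);
});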
import requests

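# Revoke (log out) a JWT: POST it to the app's logout route, authenticated with
# the project's app-key in the Authorization header.
# NOTE(review): the URL uses plain http://, so the app-key and the token are sent
# unencrypted; prefer an https:// endpoint outside local testing.
# NOTE(review): this path is /logout while the Endpoint section lists
# /revoke-token — confirm which one the server exposes.
url = "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/logout"

# The JWT to revoke (sample value).
payload = { "token": "eyJhbGciOiJFUzI1NiIsImtpZCI6IjAxSk1WMjhGSlZCS0YwSkcwWVNHNjU1RUhZIiwidHlwIjoiSldUIn0.eyJhdWQiOiJ3ZWItYXBwIiwiZXhwIjoxNzQwNDI2ODg5LCJpYXQiOjE3NDA0MjMyODksImlwIjoiMS4xLjEuMSIsImlzcyI6ImFwcF8yIiwiamlkIjoiMDFKTVdNWlBFWFpLOEtLQkUxSllCQUdCOVYiLCJuYmYiOjE3NDA0MjMyODksInBlcnNvbmFsIjp7Im5hbWUiOiJ0ZXN0LXVzZXIifSwic3ViIjoidGVzdEB0ZXN0LmNvbSIsInVzZXJhZ2VudCI6Im15LXVzZXItYWdlbnQifQ.OY8tCesz-VlIg0kUeCEmKmpWVQ_bxfUEIMa0dZEfNM7x_6z139E8Of4hrffyRCmR3icsuIW5ICvj5QI2aD0I2g" }
headers = {
    "Authorization": "{{app-key}}",
    "content-type": "application/json"
}

# requests has no default timeout; without one a silent server blocks the
# logout call indefinitely.
response = requests.post(url, json=payload, headers=headers, timeout=10)

# Any status other than 200 (400/403/500 per the Responses table) means the
# token was NOT revoked, so stop instead of printing it like a success.
if response.status_code != 200:
    raise SystemExit(
        f"Token revocation failed: HTTP {response.status_code} {response.text}"
    )

print(response.json())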
<?php
// Revoke (log out) a JWT: POST it to the app's logout route, authenticated with
// the project's app-key in the Authorization header.
// NOTE(review): the URL uses plain http://, so the app-key and the token are sent
// unencrypted; prefer an https:// endpoint outside local testing.
// NOTE(review): this path is /logout while the Endpoint section lists
// /revoke-token — confirm which one the server exposes.
$client = new \GuzzleHttp\Client();

$endpoint = 'http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/logout';

$requestHeaders = [
    'Authorization' => '{{app-key}}',
    'content-type' => 'application/json',
];

// Raw JSON request body carrying the JWT to revoke (sample value).
$jsonBody = '{
    "token":"eyJhbGciOiJFUzI1NiIsImtpZCI6IjAxSk1WMjhGSlZCS0YwSkcwWVNHNjU1RUhZIiwidHlwIjoiSldUIn0.eyJhdWQiOiJ3ZWItYXBwIiwiZXhwIjoxNzQwNDI2ODg5LCJpYXQiOjE3NDA0MjMyODksImlwIjoiMS4xLjEuMSIsImlzcyI6ImFwcF8yIiwiamlkIjoiMDFKTVdNWlBFWFpLOEtLQkUxSllCQUdCOVYiLCJuYmYiOjE3NDA0MjMyODksInBlcnNvbmFsIjp7Im5hbWUiOiJ0ZXN0LXVzZXIifSwic3ViIjoidGVzdEB0ZXN0LmNvbSIsInVzZXJhZ2VudCI6Im15LXVzZXItYWdlbnQifQ.OY8tCesz-VlIg0kUeCEmKmpWVQ_bxfUEIMa0dZEfNM7x_6z139E8Of4hrffyRCmR3icsuIW5ICvj5QI2aD0I2g"
}';

// NOTE(review): with Guzzle's default http_errors setting a 4xx/5xx reply raises
// an exception instead of reaching the echo below — confirm for your client
// configuration, and treat any such failure as "token not revoked".
$response = $client->request('POST', $endpoint, [
    'body' => $jsonBody,
    'headers' => $requestHeaders,
]);

echo $response->getBody();
package main

import (
    "fmt"
    "strings"
    "net/http"
    "io"
)

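// main revokes (logs out) a JWT by POSTing it to the app's logout route,
// authenticating with the project's app-key in the Authorization header.
//
// NOTE(review): the URL uses plain http://, so the app-key and the token are
// sent unencrypted; prefer an https:// endpoint outside local testing.
// NOTE(review): this path is /logout while the Endpoint section lists
// /revoke-token — confirm which one the server exposes.
func main() {

    url := "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/logout"

    // JSON body carrying the JWT to revoke (sample value).
    payload := strings.NewReader("{\n  \"token\":\"eyJhbGciOiJFUzI1NiIsImtpZCI6IjAxSk1WMjhGSlZCS0YwSkcwWVNHNjU1RUhZIiwidHlwIjoiSldUIn0.eyJhdWQiOiJ3ZWItYXBwIiwiZXhwIjoxNzQwNDI2ODg5LCJpYXQiOjE3NDA0MjMyODksImlwIjoiMS4xLjEuMSIsImlzcyI6ImFwcF8yIiwiamlkIjoiMDFKTVdNWlBFWFpLOEtLQkUxSllCQUdCOVYiLCJuYmYiOjE3NDA0MjMyODksInBlcnNvbmFsIjp7Im5hbWUiOiJ0ZXN0LXVzZXIifSwic3ViIjoidGVzdEB0ZXN0LmNvbSIsInVzZXJhZ2VudCI6Im15LXVzZXItYWdlbnQifQ.OY8tCesz-VlIg0kUeCEmKmpWVQ_bxfUEIMa0dZEfNM7x_6z139E8Of4hrffyRCmR3icsuIW5ICvj5QI2aD0I2g\"\n}")

    req, err := http.NewRequest("POST", url, payload)
    if err != nil {
        fmt.Println("building request failed:", err)
        return
    }

    req.Header.Add("Authorization", "{{app-key}}")
    req.Header.Add("content-type", "application/json")

    // On a transport error res is nil, so the error must be checked before
    // res.Body is touched; otherwise the deferred Close panics.
    res, err := http.DefaultClient.Do(req)
    if err != nil {
        fmt.Println("sending request failed:", err)
        return
    }
    defer res.Body.Close()

    body, err := io.ReadAll(res.Body)
    if err != nil {
        fmt.Println("reading response failed:", err)
        return
    }

    // Any status other than 200 (400/403/500 per the Responses table) means the
    // token was NOT revoked; say so explicitly before printing the body.
    if res.StatusCode != http.StatusOK {
        fmt.Println("token revocation failed:", res.Status)
    } else {
        fmt.Println(res.Status)
    }
    fmt.Println(string(body))

}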
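// Revoke (log out) a JWT: POST it to the app's logout route, authenticated with
// the project's app-key in the Authorization header.
// NOTE(review): the URL uses plain http://, so the app-key and the token are sent
// unencrypted; prefer an https:// endpoint outside local testing.
// NOTE(review): this path is /logout while the Endpoint section lists
// /revoke-token — confirm which one the server exposes.
// try-with-resources closes the client even when execute() or join() throws,
// which the trailing close() call did not guarantee.
try (AsyncHttpClient client = new DefaultAsyncHttpClient()) {
    client.prepare("POST", "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/logout")
        .setHeader("Authorization", "{{app-key}}")
        .setHeader("content-type", "application/json")
        // JSON body carrying the JWT to revoke (sample value).
        .setBody("{\n  \"token\":\"eyJhbGciOiJFUzI1NiIsImtpZCI6IjAxSk1WMjhGSlZCS0YwSkcwWVNHNjU1RUhZIiwidHlwIjoiSldUIn0.eyJhdWQiOiJ3ZWItYXBwIiwiZXhwIjoxNzQwNDI2ODg5LCJpYXQiOjE3NDA0MjMyODksImlwIjoiMS4xLjEuMSIsImlzcyI6ImFwcF8yIiwiamlkIjoiMDFKTVdNWlBFWFpLOEtLQkUxSllCQUdCOVYiLCJuYmYiOjE3NDA0MjMyODksInBlcnNvbmFsIjp7Im5hbWUiOiJ0ZXN0LXVzZXIifSwic3ViIjoidGVzdEB0ZXN0LmNvbSIsInVzZXJhZ2VudCI6Im15LXVzZXItYWdlbnQifQ.OY8tCesz-VlIg0kUeCEmKmpWVQ_bxfUEIMa0dZEfNM7x_6z139E8Of4hrffyRCmR3icsuIW5ICvj5QI2aD0I2g\"\n}")
        .execute()
        .toCompletableFuture()
        // NOTE(review): the response is only printed here; check its status code
        // before treating the token as revoked.
        .thenAccept(System.out::println)
        // join() blocks until the request has completed.
        .join();
}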

Request Fields

Field Type Required Description
token string Yes The JWT token to be revoked/logged out.

Example Success Response

{
"status": "ok"
}

Response Fields

Field Type Description
status String Returns "ok" on successful token revocation.

Additional Notes:

  1. Once revoked, the token can no longer be used for authentication.
  2. This operation does not affect other active sessions unless their tokens are also revoked.

Responses

Status Code Description
200 Ok Success
400 Bad Request Usually returned when form validation fails. The error is returned in the response.
403 Access Denied Returned when the app key provided in the Authorization header is invalid.
500 Internal Server Error Usually caused by a database error. Check the log for root-cause details.