Revoke the session behind a refresh token.
const url = 'https://connect-api.sudomimus.com/logout';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"refreshToken":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://connect-api.sudomimus.com/logout \ --header 'Content-Type: application/json' \ --data '{ "refreshToken": "example" }'Revokes the single session identified by the supplied refresh token (RFC 7009 style). Possession of a genuine refresh token authorizes the revocation, so no client-auth JWT is required.
The operation is idempotent: a token that is already revoked or expired
reports revoked: true, and a token that cannot be resolved reports
revoked: false without revealing whether it ever existed.
Request Body required
Section titled “Request Body required ”object
The refresh token (JWT) whose session should be revoked.
Example generated
{ "refreshToken": "example"}Responses
Section titled “ Responses ”Revocation outcome.
object
True if the session is now revoked, including sessions that were already revoked or expired.
Example generated
{ "revoked": true}default
Section titled “default ”Error response.
Error response body. The Connect service emits { "reason": "<SymbolDescription>" }
for known failure modes. When the reason symbol’s description begins with
PRIVATE, the body is empty (zero bytes) and only the HTTP status carries
signal — both reason and the body itself are absent in that case.
object
Stable machine-readable reason code.
Example generated
{ "reason": "example"}