POST api.deuna.com/users/logout
Logs out an authenticated user by invalidating their session and optionally blacklisting their JWT access token.
Description
The logout service:
- Ends the current user session via the session service.
- If the session ID is not provided via header, it will be extracted from the Bearer token claims (if available).
- Generates a new guest token for the user and returns it in the response.
Headers:
- Authorization (string, required if blacklisting is enabled): Bearer token to be blacklisted.
- Session-Id (string, optional): Session ID to invalidate. If not provided, it will be extracted from the token (if possible).
Response
200 OK
json:
{
"token": "<guest_token>"
}
Error Responses:
- 400 Bad Request: Missing or malformed bearer token
- 401 Unauthorized: Invalid or missing headers
- 500 Internal Server Error: Token parsing or blacklist operation failed
- 503 Service Unavailable: Session service unavailable
The server response depends on the context values injected by the authentication middleware: userId, merchant.
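
Added example (not DEUNA's own code): a client that builds the logout request from the documented headers and decides what to do for each documented status code. The HTTPS scheme, the retry policy, the field names of the returned object and the injected `fetchImpl` are assumptions of this example.

```javascript
// Added example: client-side handling of the logout contract documented above.
// Assumption: the endpoint is reached over HTTPS at the host shown on this page.
const LOGOUT_URL = "https://api.deuna.com/users/logout";

// Build the request. Authorization is sent whenever a token is held (required
// when blacklisting is enabled); Session-Id is optional per the header list.
function buildLogoutRequest(accessToken, sessionId) {
  // Example's own guard: with neither value there is no session to identify.
  if (!accessToken && !sessionId) {
    throw new Error("nothing identifies the session: need a token or a Session-Id");
  }
  const headers = {};
  if (accessToken) headers["Authorization"] = `Bearer ${accessToken}`;
  if (sessionId) headers["Session-Id"] = sessionId;
  return { url: LOGOUT_URL, init: { method: "POST", headers } };
}

// Map a documented status code to a client decision. The retry policy and the
// field names of the returned object are this example's choices, not the API's.
function interpretLogoutResponse(status, bodyText) {
  if (status === 200) {
    let token;
    try { token = JSON.parse(bodyText).token; } catch { token = undefined; }
    if (typeof token !== "string" || token.length === 0) {
      return { loggedOut: false, retry: false, reason: "200 without a guest token" };
    }
    // Replace the stored credential with the guest token; never keep the old one.
    return { loggedOut: true, retry: false, guestToken: token };
  }
  // 500 and 503 report a server-side failure, so this example assumes the
  // session or token may still be valid and asks the caller to retry.
  if (status === 500 || status === 503) {
    return { loggedOut: false, retry: true, reason: `server error ${status}` };
  }
  // 400 and 401 are request problems; resending the same request will not help.
  return { loggedOut: false, retry: false, reason: `request rejected ${status}` };
}

// Thin async wrapper; fetchImpl is injected so the logic can be exercised offline.
async function logout(fetchImpl, accessToken, sessionId) {
  const { url, init } = buildLogoutRequest(accessToken, sessionId);
  const res = await fetchImpl(url, init);
  return interpretLogoutResponse(res.status, await res.text());
}
```

Treating a failed logout as "still logged in" keeps the client from discarding its only handle on a session that the server has not yet invalidated.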