
Logout

Revoke all tokens for the authenticated client

POST /auth/logout

Revoke all active tokens (both access and refresh) for the authenticated client. Requires a valid access token in the Authorization header.

Request

curl -X POST https://api.octopuscards.io/auth/logout \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

No request body is required.

Request Parameters

Key | Type | Required | Description
Authorization header | string | Yes | Bearer {access_token} - a valid JWT access token

Response

{
  "success": true,
  "data": {
    "message": "Successfully logged out"
  }
}

Response Fields

Key | Type | Description
success | boolean | Always true on success
data.message | string | Confirmation message

All tokens for the client are revoked - not just the one used in the request. After logout, both the access token and any refresh tokens will stop working. To use the API again, call login to obtain new tokens.

Errors

401 Unauthorized - No Authorization header provided.

{
  "error": {
    "name": "UnauthorizedError",
    "code": "UNAUTHORIZED",
    "message": "Authorization header required"
  }
}

The Authorization: Bearer {token} header must be present on every request to this endpoint.
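
A client-side logout handler for this endpoint, as an added example that is not part of the original reference or the API provider's own code: it sends the bodyless POST, wipes both cached tokens only after the API confirms success, and surfaces the documented error object otherwise. The token_store dict, the http_post/logout names, the injectable transport and the choice to keep tokens on failure are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

LOGOUT_URL = "https://api.octopuscards.io/auth/logout"  # endpoint from this page


class LogoutError(Exception):
    """The API did not confirm the revocation."""


def http_post(url, headers):
    # Bodyless POST; returns (status, parsed JSON) for success and error replies.
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


def logout(token_store, post=http_post):
    """Revoke server-side first, then drop every locally cached token.

    token_store (hypothetical) is a dict with "access_token" and
    "refresh_token"; post is injectable so the flow can be exercised offline.
    """
    access = token_store.get("access_token")
    if not access:
        raise LogoutError("no access token cached; nothing to authenticate with")
    status, body = post(LOGOUT_URL, {"Authorization": f"Bearer {access}"})
    if body.get("success") is True:
        # Every token of this client is now revoked, so the cached refresh
        # token is dead as well: wipe both rather than only the access token.
        token_store.clear()
        return body["data"]["message"]
    # Assumption: keep the tokens on failure so revocation can be retried.
    err = body.get("error", {})
    raise LogoutError(f"{status} {err.get('code')}: {err.get('message')}")


if __name__ == "__main__":
    # Constructed transport and token values, so the demo runs without network.
    def fake_post(url, headers):
        return 200, {"success": True, "data": {"message": "Successfully logged out"}}

    store = {"access_token": "constructed.access", "refresh_token": "constructed.refresh"}
    print(logout(store, post=fake_post), store)
```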
