POST /logout
Sign out
Clears the server-held token and drops the session.
Authentication
Requires the X-Session header (the opaque session id from POST /login). See Authentication.
Request
No request body.
Responses
200
Logged out.
| Field | Type | Required | Description |
|---|---|---|---|
ok | boolean | yes |
Example
{
"ok": true
}
401
Authentication required. Two shapes share this status: a session-layer 401 (a plain Error, no reauth flag) means a missing or unknown/expired X-Session — re-login for a new session id; a token-layer 401 (ReauthError with reauth: true) means the server-held token expired — re-run POST /login and retry.
Error handling
This endpoint can return the statuses below. For request bodies and the client action per status, see the full error contract.
| Status | Meaning |
|---|---|
401 | Authentication required. Two shapes share this status: a session-layer 401 (a plain Error, no reauth flag) means a missing or unknown/expired X-Session — re-login for a new session id; a token-layer 401 (ReauthError with reauth: true) means the server-held token expired — re-run POST /login and retry. |
A 401 with { "reauth": true } means the server-held token expired — re-run POST /login and retry. A 403 is a real authorization denial — surface it; retrying will not help.