Skip to content

Logout Service

The user logout service provides functionality to terminate an active user session from the client.

The service always returns HTTP status 204 (no content), even if there was no active session for the calling user at the point the call was made, and does not require authentication (but it does require a session cookie header identifying the session to be terminated). Implement the functionality using the logout service API.

Two options are available - POST and DELETE. The POST method does the same thing as DELETE, but is the option to use if the configuration includes a firewall. For further information on these APIs, visit the SAP Business Accelerator Hub at:

Logout Version 2 Service

The user logout Version 2 service provides functionality to invalidate the sessions and revoke all the refresh tokens of a user.

The service always returns HTTP status 204 (no content), even if there was no active session for the calling user at the point the call was made, and does not require authentication (but it does require a session cookie header identifying the session to be terminated). Implement the functionality using the logout service API.

Two options are available - POST and DELETE. The POST method does the same thing as DELETE, but is the option to use if the configuration includes a firewall.

  • Post User Logout Request - invalidates the sessions using the POST method. Use the POST method if the configuration includes a firewall (otherwise use DELETE).

    URL: http[s]://<mobile services host>/mobileservices/sessions/v2/logout

    Requests Body Example:

    POST https://<host:port>/mobileservices/sessions/v2/logout HTTP/1.1
    Accept-Encoding: gzip,deflate
    
  • DELETE User Logout Request - invalidates the session using the DELETE method (if the configuration includes a firewall, use the POST method instead).

    URL: http[s]://<mobile services host>/mobileservices/sessions/v2

    Request Body Example:

    DELETE https://<host:port>/mobileservices/sessions/v2 HTTP/1.1
    Accept-Encoding: gzip,deflate
    Host: <host>
        Connection: Keep-Alive
        User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
    

Last update: October 13, 2021