Logout Service

The user logout service provides functionality to terminate an active user session from the client.

The service always returns HTTP status 204 (no content), even if there was no active session for the calling user at the point the call was made, and does not require authentication (but it does require a session cookie header identifying the session to be terminated). Implement the functionality using the logout service API.

Two options are available - POST and DELETE. The POST method does the same thing as DELETE, but is the option to use if the configuration includes a firewall. For further information on these APIs, visit the SAP Business Accelerator Hub at:

• POST User Logout Request
• DELETE User Logout Request

POST User Logout Request

Terminate an active user session from the client using the POST method. Use the POST method if the configuration includes a firewall (otherwise use DELETE).

URL: http[s]://<mobile services host>/mobileservices/sessions/logout

HTTP Method: POST

Request Body Example:

POST https://<host:port>/mobileservices/sessions/logout HTTP/1.1
Accept-Encoding: gzip,deflate

Note

When the Logout API is called, it removes the push registrations from the server for the registered users on the associated devices.

DELETE User Logout Request

Terminate an active user session from the client using the DELETE method (if the configuration includes a firewall, use the POST method instead).

URL: http[s]://<mobile services host>/mobileservices/sessions

HTTP Method: DELETE

Request Body Example:

DELETE https://<host:port>/mobileservices/sessions HTTP/1.1
Accept-Encoding: gzip,deflate
Host: <host>
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

Note

When the Logout API is called, it removes the push registrations from the server for the registered users on the associated devices.

Logout Version 2 Service

The user logout Version 2 service provides functionality to invalidate the sessions and revoke all the refresh tokens of a user.

The service always returns HTTP status 204 (no content), even if there was no active session for the calling user at the point the call was made, and does not require authentication (but it does require a session cookie header identifying the session to be terminated). Implement the functionality using the logout service API.

Two options are available - POST and DELETE. The POST method does the same thing as DELETE, but is the option to use if the configuration includes a firewall.

POST User Logout Request - Version 2

Invalidates the sessions using the POST method. Use the POST method if the configuration includes a firewall (otherwise use DELETE).

URL: http[s]://<mobile services host>/mobileservices/sessions/v2/logout

HTTP Method: POST

Requests Body Example:

POST https://<host:port>/mobileservices/sessions/v2/logout HTTP/1.1
Accept-Encoding: gzip,deflate

DELETE User Logout Request - Version 2

Invalidates the session using the DELETE method (if the configuration includes a firewall, use the POST method instead).

URL: http[s]://<mobile services host>/mobileservices/sessions/v2

HTTP Method: DELETE

Request Body Example:

DELETE https://<host:port>/mobileservices/sessions/v2 HTTP/1.1
Accept-Encoding: gzip,deflate
Host: <host>
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

---

Last update: July 3, 2025