Revoking tokens (logout)

Under certain circumstances, you may need to explicitly revoke one or more tokens associated with a user entity, such as when a user logs out of your app. This is accomplished by making a PUT request to the /revoketoken and /revoketokens endpoints.

Revoking tokens (user logout)

If a user has been logged in using the Usergrid iOS, Android, JavaScript or node.JS SDKs, the returned token is automatically stored in the UsergridDataClient (iOS), DataClient (Android), Usergrid.Client (JavaScript), Usergrid.Client (node.JS) class instance. Calling the logout method of the SDK will destroy the token on the server, as well as in the client object.

Request syntax

Revoke all tokens associated with a user entity

curl -X PUT https://api.usergrid.com/<org_name>/<app_name>/users/<user_uuid_or_username>/revoketokens

Revoke a specific token associated with a user entity

curl -X PUT https://api.usergrid.com/<org_name>/<app_name>/users/<user_uuid_or_username>/revoketoken?token=<token_to_revoke>

Example request

curl -X PUT https://api.usergrid.com/your-org/your-app/users/someUser/revoketokens

Example response

{
  "action" : "revoked user token",
  "timestamp" : 1382050891455,
  "duration" : 24
}

Revoking admin user tokens

The /revoketoken and /revoketokens endpoints also work for revoking admin user tokens by making a PUT request to /management/users//