POST /auth/signout — Sign out and invalidate a session

Call POST /auth/signout to end a session by permanently invalidating a refresh token. After signing out, the supplied refresh token can no longer be used to obtain new access tokens. Any existing access tokens for the session will continue to work until they expire naturally — if you need to prevent further access immediately, rotate or discard your access token on the client side.

Endpoint

Field	Value
Method	`POST`
Path	`/auth/signout`
Auth required	Yes (Bearer token)
Rate limit	2 per minute

Request body

refresh_token

string

required

The refresh token to invalidate. After this call succeeds, the token cannot be reused.

Response

Status: 204 No Content No response body is returned on success.

Example

cURL

curl --request POST \
  --url https://api.drssed.com/auth/signout \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' \
  --header 'Content-Type: application/json' \
  --data '{
    "refresh_token": "drt_a1b2c3d4e5f6..."
  }'

POST /auth/refresh — Exchange tokens for a new pair

POST /auth/upgrade — Upgrade a guest to full account

Documentation Index

​Endpoint

​Request body

​Response

​Example

Endpoint

Request body

Response

Example