Support Topics Documentation Slack YouTube Blog

User Logout API works without user token

I’ve noticed that the API endpoint to logout a user still works even if I don’t pass it a user token in the header, returning an empty body and 200 OK status.

curl -v https://api.backendless.com/<application-id>/<api-key>/users/logout

The same response is obtained even when passing anything as the user token:

curl -h "user-token: foo" -v https://api.backendless.com/<application-id>/<api-key>/users/logout

This doesn’t seem to be normal behaviour? How can I confirm the user has actually been logged out?

Thanks!

Make sure to pass user token and it will be invalidated by the logout call.

Regards,
Mark