GET /api/login/endsession
Ends the current session for the user, either on user logout or on session timeout. If the user is actively logging out and had logged in via an external identity provider or remote tenant, this operation also initiates single logout with the external provider or remote tenant.
Used when the user initiates logout; also used by the Community Manager developer portal user interface to log the user out when a session times out due to inactivity.
Note: we recommend using this operation to end the user's session, rather than the POST /api/login/logout operation, which will be deprecated.
Authorization Roles/Permissions: Must be logged in.
HTTP Method
GET
URL
https://{hostname}/api/login/endsession
Sample Request
The example below shows a request for ending the session, initiated by the user; for example, the user clicks the Log Out button in the Community Manager developer portal.
Sample Request URL
https://{hostname}/api/login/endsession
Sample request headers
GET http://{hostname}/api/login/endsession HTTP/1.0
Host: {hostname}
Accept: application/json, text/javascript, */*; q=0.01
Sample request body
Not applicable.
Request Headers
For general information on request header values, refer to HTTP Request Headers.
Header | Description |
---|---|
Accept | application/json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json |
Request Parameters
Parameter | Parm Type | Data Type | Required | Description |
---|---|---|---|---|
returninstructions | returnInstructions | boolean | optional | Indicates if further information is needed for the user's logout. For session timeout, this parameter is ignored. If the user logs out, and this parameter is included with a value of true, the platform returns a LogoutResponse JSON object with Relying Party logout information (IDPLogoutInfo) and logout information for each remote federation member (RPLogoutInfo). |
event | event | string | optional | If the user's session times out due to inactivity, the Community Manager developer portal sends this parameter with a value of session_timeout. If the event is a timeout, the operation logs the user out of the platform, removing any session cookies, but does not initiate SLO (single logout) with the identity provider, in scenarios where a third-party identity provider is used. |
postlogouturl | postlogouturl | string | optional | Used with external domains that support SLO (for example, CA SiteMinder), to pass the Community Manager developer portal home URL to the external domain so that the external domain can use this value to replace placeholders, if any exist, or to add a query parameter with this value in the configured logout URL in the external domain. This value determines where the user-agent is redirected after logout from the external domain is complete. The URL must be URL-safe, using escape characters as needed. For example, instead of HTTP://, use http%3A%2F%2F. |
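The request parameters above, assembled by a client, as an added example that is not part of the platform documentation. The function name, its options object, and the rule that postlogouturl must sit on the same host as the API are assumptions made for illustration.

```javascript
// Added example: build the endsession request from the documented query parameters.
// buildEndSessionUrl and its options object are hypothetical names, not platform API.
function buildEndSessionUrl(hostname, opts = {}) {
  const url = new URL(`https://${hostname}/api/login/endsession`);
  // Refuse hostnames that smuggle in a path, credentials or a different host.
  if (url.host !== String(hostname).toLowerCase()) {
    throw new Error("hostname must be a bare host[:port]");
  }
  if (opts.event === "session_timeout") {
    // returninstructions is ignored on timeout and no SLO is initiated,
    // so this example sends only the event (a choice made here, not a platform rule).
    url.searchParams.set("event", "session_timeout");
    return url.href;
  }
  if (opts.returnInstructions) url.searchParams.set("returninstructions", "true");
  if (opts.postLogoutUrl !== undefined) {
    const target = new URL(opts.postLogoutUrl); // throws on malformed input
    if (target.protocol !== "https:" && target.protocol !== "http:") {
      throw new Error("postlogouturl must be an http(s) URL");
    }
    // Assumption: the portal home lives on the same host as the API.
    if (target.host !== url.host) {
      throw new Error("postlogouturl must point at the portal host");
    }
    // searchParams percent-encodes ':' and '/' (http%3A%2F%2F...), as the table requires.
    url.searchParams.set("postlogouturl", target.href);
  }
  return url.href;
}

// Constructed values for illustration.
console.log(buildEndSessionUrl("portal.example.com", {
  returnInstructions: true,
  postLogoutUrl: "https://portal.example.com/home",
}));
```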
Response
If successful, this operation returns HTTP status code 200, and the cookies are removed.
Sample Response
The sample responses below show successful completion of this operation.
Sample response headers
HTTP/1.1 200 OK
Content-Type: application/json
Expires: Wed, 22 Apr 2015 11:56:38 GMT
Set-Cookie: Csrf-Token_acmepaymentscorp=none;path=/;expires=Wed, 22 Apr 2015 11:56:38 GMT
AtmoAuthToken_acmepaymentscorp=none;path=/;expires=Wed, 22-Apr-2015 11:56:38 GMT;HttpOnly
Sample response body #1
Returned for local logout. In this example, the user logged in locally, so there is no content in the response.
{ }
Sample response body #2
Returned on session timeout in a federated scenario.
{
  "RPLogoutInfo":[
    {
      "location":"http://fedmember1.acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    },
    {
      "location":"http://fedmember2.acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    }
  ]
}
Sample response body #3
Returned on user logout in a federated scenario with IdPs, returninstructions = true.
{
  "RPLogoutInfo":[
    {
      "location":"http://acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    },
    {
      "location":"http://acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    }
  ],
  "IDPLogoutInfo":{
    "location":"http://idp.ssocircle.com/sso/SSOPost/metaAlias/ssocircle",
    "method":"POST",
    "params":[
      {
        "name":"SAMLRequest",
        "value":"nVbbkqrIEn33Kzrcj0Y3F1HU2N0TxUUEAULt79%2B6YmTPnvFUlmatWrszK4..."
      },
      {
        "name":"RelayState",
        "value":"afVGUYLlhfkdsalVKLJflajsflWJDSGF..."
      }
    ],
    "content-type":"application/x-www-form-urlencoded"
  }
}
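A client that acts on the RPLogoutInfo and IDPLogoutInfo entries is following URLs handed to it in a response, so it is worth vetting each entry first. The following is an added example, not platform code: the function names, the trusted-host set and the sample object are constructed for illustration.

```javascript
// Added example: vet a LogoutResponse before the client performs single logout.
// planSingleLogout, vetStep and the trusted-host set are hypothetical names.
const ALLOWED_METHODS = new Set(["GET", "POST"]);

function vetStep(kind, info, trustedHosts) {
  const reject = (reason) => ({ kind, ok: false, reason });
  let url;
  try {
    url = new URL(info.location);
  } catch {
    return reject("unparseable location");
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return reject("scheme not allowed");
  if (!trustedHosts.has(url.hostname)) return reject("host not trusted");
  if (!ALLOWED_METHODS.has(info.method)) return reject("method not allowed");
  const params = Array.isArray(info.params) ? info.params : [];
  const wellFormed = params.every(
    (p) => p && typeof p.name === "string" && typeof p.value === "string");
  if (!wellFormed) return reject("malformed params");
  // cleartext marks http:// endpoints so the caller can warn or refuse.
  return { kind, ok: true, method: info.method, location: info.location,
           params, cleartext: url.protocol === "http:" };
}

function planSingleLogout(logoutResponse, trustedHosts) {
  const steps = (logoutResponse.RPLogoutInfo || [])
    .map((rp) => vetStep("RP", rp, trustedHosts));
  if (logoutResponse.IDPLogoutInfo) {
    steps.push(vetStep("IDP", logoutResponse.IDPLogoutInfo, trustedHosts));
  }
  return steps;
}

// Constructed sample shaped like the federated responses on this page.
const SAMPLE_RESPONSE = {
  RPLogoutInfo: [
    { location: "http://fedmember1.acmepaymentscorp.com/api/login/logout", method: "GET" },
    { location: "https://logout.untrusted.example/api/login/logout", method: "GET" },
  ],
  IDPLogoutInfo: {
    location: "https://idp.ssocircle.com/sso/SSOPost/metaAlias/ssocircle", method: "POST",
    params: [{ name: "SAMLRequest", value: "CONSTRUCTED" }, { name: "RelayState", value: "CONSTRUCTED" }],
    "content-type": "application/x-www-form-urlencoded",
  },
};
const SAMPLE_TRUSTED = new Set(["fedmember1.acmepaymentscorp.com", "idp.ssocircle.com"]);
console.log(planSingleLogout(SAMPLE_RESPONSE, SAMPLE_TRUSTED));
```

Only steps with ok set to true should be dispatched; rejected entries are worth logging, since an unexpected logout target in a response points to misconfiguration or tampering.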
Response Headers
For general information on response header values, refer to HTTP Response Headers.
Header | Description |
---|---|
Content-Type | application/json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json |
Response Body
Name | Type | Description |
---|---|---|
LogoutResponse | LogoutResponse | Depending on the specific logout scenario, this object might be empty or might include information that might be needed by another tenant or by an external identity provider to perform single logout. Here are some scenarios: If the session times out, the Community Manager developer portal: If the user actively ends the session, the Community Manager developer portal: See sample responses above. |
Error Codes/Messages
If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.
Item | Value |
---|---|
400 | Bad request: Returned if the client sends a malformed request; for example, invalid parameters or body content. For example, you might get this response if you didn't include the required headers. |
500 | An error occurred processing the call. |
More information about Akana API Platform API error messages.