Sign Out
curl --request POST \
  --url http://localhost:3000/api/auth/signout \
  --header 'Content-Type: application/json' \
  --data '
{
  "deviceId": "550e8400-e29b-41d4-a716-446655440000"
}
'

Overview

Signs out the current user from this device only. This endpoint handles device-specific logout by:
  1. Removing the FCM token for push notifications (if deviceId is provided)
  2. Clearing the session cookie
Other devices remain logged in until their sessions expire naturally.

Request Body

The request body is optional. If you want to remove the FCM token as part of sign-out, include the deviceId:
{
  "deviceId": "550e8400-e29b-41d4-a716-446655440000"
}

Parameters

| Field | Type | Required | Description |
|---|---|---|---|
| deviceId | string | No | The FCM device ID to remove. If provided, the push notification token for this device will be removed from the user’s profile. |

Behavior

Single-Device Sign-Out

  • Only signs out the current device
  • Other devices remain logged in
  • Sessions on other devices expire naturally based on their TTL

FCM Token Removal

  • If deviceId is provided, the corresponding FCM token is removed
  • User will no longer receive push notifications on this device
  • Other devices still receive notifications

Error Handling

  • Always returns 200 - sign-out never fails
  • If FCM token removal fails, it logs the error but still clears the session
  • If the session is already invalid, it still clears the cookie

Example Usage

Client-Side (with FCM token removal)

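import { signOut } from "@/firebase/client/auth";
import { LocalStorageKeys } from "@/constants/storage";
// Assumption: `axiosInstance` (the app's configured axios client) and `auth`
// (the Firebase client Auth instance) are already in scope in this module.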

// Get the device ID from localStorage
const deviceId = localStorage.getItem(LocalStorageKeys.FCM_DEVICE_ID);

// Sign out and remove FCM token
await axiosInstance.post("/api/auth/signout", {
  deviceId: deviceId || undefined,
});

// Clean up local state
await auth.signOut();
localStorage.removeItem(LocalStorageKeys.VIEW_MODE);
localStorage.removeItem(LocalStorageKeys.FCM_DEVICE_ID);

Notes

This endpoint uses single-device sign-out. To sign out from all devices, you would need to implement a separate endpoint that revokes all refresh tokens using auth.revokeRefreshTokens().
FCM token removal is optional but recommended. If you don’t pass the deviceId, the FCM token will remain in the user’s profile and they may continue to receive push notifications even after signing out.
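
The all-devices sign-out mentioned in the note above, as an added example (not this project's code). It takes a firebase-admin `Auth` instance as a parameter; the function names, the `session` cookie name and the choice to return 500 when revocation fails are assumptions of this example.

```javascript
// Added example: "sign out everywhere" handler logic, framework-agnostic.
// `auth` is expected to be a firebase-admin Auth instance (getAuth()).
// Assumption: the session cookie is named "session" (not stated on the page).
const SESSION_COOKIE = "session";

// Set-Cookie value that expires the session cookie on the calling device.
function clearedCookie() {
  return `${SESSION_COOKIE}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax`;
}

async function signOutAllDevices(auth, sessionCookie) {
  const response = { status: 200, setCookie: clearedCookie(), revoked: false };
  if (!sessionCookie) return response; // nothing to revoke, still clear cookie

  let uid;
  try {
    // checkRevoked=true: a cookie that was already revoked must not be
    // accepted as proof of identity for a revocation request.
    ({ uid } = await auth.verifySessionCookie(sessionCookie, true));
  } catch {
    return response; // invalid, expired or revoked session: just clear cookie
  }

  try {
    // Invalidates every refresh token issued to this user before now.
    await auth.revokeRefreshTokens(uid);
    response.revoked = true;
  } catch (err) {
    // Unlike single-device sign-out, surface the failure: the caller asked
    // for other devices to be cut off and that did not happen.
    console.error("revokeRefreshTokens failed", err);
    response.status = 500;
  }
  return response;
}

// Revocation only takes effect where cookies are verified with
// checkRevoked=true; without it, session cookies on other devices keep
// working until they expire.
async function requireSession(auth, sessionCookie) {
  return auth.verifySessionCookie(sessionCookie, true);
}
```

Wire `signOutAllDevices` into a separate route and apply the returned `setCookie` value as the `Set-Cookie` response header.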

Body

application/json
deviceId
string

Optional FCM device ID to remove push notification registration for this device

Example:

"550e8400-e29b-41d4-a716-446655440000"

Response

User signed out successfully (always returns 200, even if FCM removal fails or session was invalid)