LogoutRequest

Logout request body. The refresh token is optional so legacy clients (no refresh-token support) can still call this endpoint successfully.

refreshTokenstring | nullnullable

Refresh token to revoke server-side. When omitted, only the access-side session ends (client just discards the access token).

LogoutRequest

{
  "refreshToken": "string"
}