API for managing tokens

Endpoints for generating and invalidating tokens.

• Generate a new token : POST /api2/tokens anyone
• Invalidate a token (logout) : DELETE /api2/tokens viewer

Generate a new token

POST /api2/tokens

Request json structure

{
    "username":"denis",
    "password":"Qwerty123"
}

Response json structure

{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NjUzNDMwODksImhvc3RuYW1lIjoiIiwibmJmIjoxNTY1MjU2Njg5LCJwYXNzd29yZCI6IlF3ZXJ0eTEyMyIsInBvcnQiOiIwIiwicm9sZSI6ImFkbWluIiwic2VjcmV0IjoiIiwidXNlcm5hbWUiOiJkZW5pcyJ9.KpPHV_j3ZZKJNDAxSJEf8rkibGcOfEpGszcay1VUMsc",
    "role": "admin",
    "id": 21,
    "source": "local"
}

Invalidate all user tokens (logout)

DELETE /api2/tokens

Invalidates all active tokens for the authenticated user, effectively logging them out from all sessions/devices. Once invalidated, the tokens cannot be used for further API requests.

Request headers

Authorization: Bearer <your-token>

Response json structure

{
    "message": "All tokens invalidated successfully"
}

Note: If the user has no tracked tokens, the response will be:

{
    "message": "Logged out successfully"
}

Error responses

If the Authorization header is missing:

{
    "statusCode": 400,
    "error": "Bad Request",
    "message": "Authorization header is required"
}

Back to X2-SERIES API Home