# Token Revocation and Logging Out

Token revocation and logout are two related concepts. Both can be triggered for similar reasons, such as a user logging off, a security breach, or a change in permissions. The primary difference lies in their scope of action.

Token revocation focuses on invalidating a specific authentication token while keeping the user's session active. On the other hand, when a user logs out, their session is completely terminated for all applications, and they must re-authenticate to access protected resources.

Both actions use a similar API call to HyperID:

{% tabs %}
{% tab title="Logout Request" %}

```http
POST /auth/realms/HyperID/protocol/openid-connect/logout HTTP/1.1
Host: login.hypersecureid.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 98

refresh_token=your.refresh.token
&client_id=your_app_client_id
&client_secret=your_app_client_secret
```

{% endtab %}

{% tab title="Revoke Tokens Request" %}

```http
POST /auth/realms/HyperID/protocol/openid-connect/revoke HTTP/1.1
Host: login.hypersecureid.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 90

token=your.refresh.token
&client_id=your_app_client_id
&client_secret=your_app_client_secret
```

{% endtab %}
{% endtabs %}

These API calls carry the refresh token (as the `refresh_token` parameter for Logout, or as the `token` parameter for Revoke) together with the `client_id` and `client_secret` from your client's configuration settings (see the [Client Registration](https://hyperid.gitbook.io/hyperid-dev-docs/documentation/client-registration) chapter for details).

{% code title="Response" %}

```http
HTTP/1.1 200 OK
```

{% endcode %}

Both requests return the same simple response.

Below are example implementations of the Logout request:

{% tabs %}
{% tab title="cURL" %}

```bash
curl --location 'https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'refresh_token=your.refresh.token' \
--data-urlencode 'client_id=your_app_client_id' \
--data-urlencode 'client_secret=your_app_client_secret'
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

var urlencoded = new URLSearchParams();
urlencoded.append("refresh_token", "your.refresh.token");
urlencoded.append("client_id", "your_app_client_id");
urlencoded.append("client_secret", "your_app_client_secret");

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: urlencoded,
  redirect: 'follow'
};

fetch("https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));
```

{% endtab %}

{% tab title="NodeJS" %}

```javascript
const axios = require('axios');
const qs = require('qs');
let data = qs.stringify({
  'refresh_token': 'your.refresh.token',
  'client_id': 'your_app_client_id',
  'client_secret': 'your_app_client_secret' 
});

let config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: 'https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout',
  headers: { 
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  data : data
};

axios.request(config)
.then((response) => {
  console.log(JSON.stringify(response.data));
})
.catch((error) => {
  console.log(error);
});

```

{% endtab %}

{% tab title="Python" %}

```python
import http.client

conn = http.client.HTTPSConnection("login.hypersecureid.com")
payload = 'refresh_token=your.refresh.token&client_id=your_app_client_id&client_secret=your_app_client_secret'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}
conn.request("POST", "/auth/realms/HyperID/protocol/openid-connect/logout", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
```

{% endtab %}

{% tab title="C#" %}

```csharp
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout");
var collection = new List<KeyValuePair<string, string>>();
collection.Add(new("refresh_token", "your.refresh.token"));
collection.Add(new("client_id", "your_app_client_id"));
collection.Add(new("client_secret", "your_app_client_secret"));
var content = new FormUrlEncodedContent(collection);
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
```

{% endtab %}
{% endtabs %}
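The following added example (not HyperID's own code) covers both the Logout and the Revoke call with one helper, showing that they differ only in the endpoint path and in the name of the field that carries the refresh token. The names `build_request`, `end_token` and `TOKEN_FIELD` are hypothetical; treating only `200` as success follows the response shown above.

```python
import http.client
from urllib.parse import urlencode

HOST = "login.hypersecureid.com"
BASE_PATH = "/auth/realms/HyperID/protocol/openid-connect"

# Hypothetical lookup table: the two endpoints differ only in the path
# suffix and in the form field that carries the refresh token.
TOKEN_FIELD = {"logout": "refresh_token", "revoke": "token"}


def build_request(action, refresh_token, client_id, client_secret):
    """Return (path, headers, body) for a logout or revoke call."""
    if action not in TOKEN_FIELD:
        raise ValueError("action must be 'logout' or 'revoke'")
    if not refresh_token:
        raise ValueError("refresh token is required")
    # urlencode() percent-encodes every value, so characters such as
    # '+', '/', '=' or '&' in a token or secret cannot alter the form.
    body = urlencode({
        TOKEN_FIELD[action]: refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Content-Length": str(len(body)),
    }
    return f"{BASE_PATH}/{action}", headers, body


def end_token(action, refresh_token, client_id, client_secret, timeout=10):
    """Send the request over TLS; True only on the documented 200 OK."""
    path, headers, body = build_request(
        action, refresh_token, client_id, client_secret)
    conn = http.client.HTTPSConnection(HOST, timeout=timeout)
    try:
        conn.request("POST", path, body, headers)
        res = conn.getresponse()
        res.read()  # drain the response before closing
        return res.status == 200
    finally:
        conn.close()
```

Call `end_token("revoke", ...)` to invalidate a single refresh token, or `end_token("logout", ...)` to terminate the session. If it returns `False`, treat the token as still valid and retry or alert, rather than assuming the user is signed out.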
