Auth
Revoke a refresh token
Marks the session associated with the provided refresh token inactive. Safe to call multiple times — always returns { success: true } once the backend has processed the request.
POST
Headers
HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.
Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.
Body
application/json
OpenAPI schema McpSignOutBodyDto.
Refresh token of the session to be revoked.
Example:
"550e8400-e29b-41d4-a716-446655440000"