`POST /v1/auth/logout` — revoke the caller's session JWT (by `jti`). Accepts even an already-expired token so a stale tab can still log out. - Pegana

POST

/

v1

/

auth

/

logout

`POST /v1/auth/logout` — revoke the caller's session JWT (by `jti`). Accepts even an already-expired token so a stale tab can still log out.

curl --request POST \
  --url https://api.pegana.xyz/v1/auth/logout \
  --header 'Authorization: Bearer <token>'

Authorizations

Authorization

string

header

required

Session JWT issued by POST /v1/auth/telegram (Telegram Login Widget) or POST /v1/auth/magic/consume. Send as Authorization: Bearer <jwt>.

Response

Session revoked

`POST /v1/auth/magic/consume` — public endpoint the web client calls when it lands on `/auth/magic?nonce=…`. Atomically marks the nonce consumed AND returns the telegram_id in a single UPDATE … RETURNING (race-free; two concurrent consumers can't both succeed). On hit, mints a 7-day session JWT — same path as Login Widget.Failure modes: - 400 if the body fails to parse. - 401 if the nonce is unknown, already consumed, or expired. - 500 if the JWT insert fails (DB issue).

⌘I

`POST /v1/auth/logout` — revoke the caller's session JWT (by `jti`). Accepts even an already-expired token so a stale tab can still log out.

curl --request POST \
  --url https://api.pegana.xyz/v1/auth/logout \
  --header 'Authorization: Bearer <token>'