DELETE

Use the HTTP DELETE method with the login resource to log out a user and end a token-based authentication session for the REST API.

For more information about how to use token based authentication, see Using token based authentication with the REST API.

Resource URL
Optional query parameters
Request headers
Request body format
Security requirements
Response status codes
Response headers
Response body format
Examples

Resource URL

https://host:port/ibmmq/rest/v2/login

Note: If you are using a version of IBM® MQ earlier than IBM MQ 9.1.5 you must use the v1 resource URL instead. That is, you must substitute v1 where the URL uses v2. For example, the first part of the URL is as follows: https://host:port/ibmmq/rest/v1/

Optional query parameters

None.

Request headers

The following headers must be sent with the request:

ibm-mq-rest-csrf-token: This header must be set, but the value can be anything, including being blank.

Request body format

None.

Security requirements

The LTPA token that is used to authenticate the user must be provided with the request as a cookie. By default, this token starts with the prefix LtpaToken2.

With the response to the REST request, an instruction to delete the LTPA token from the local cookie store is included. Ensure that you process this instruction. If the instruction is not processed, and the LTPA token remains in the local cookie store, then the LTPA token can be used to authenticate future REST requests. That is, when the user attempts to authenticate with the LTPA token after the session is ended, a new session is created that uses the existing token.

Response status codes

204: User logged out successfully.
400: Invalid data provided.
401: Not authenticated.; An invalid LTPA token was provided, or the ibm-mq-rest-csrf-token header was missing.
404: Resource was not found.
500: Server issue or error code from IBM MQ.

Response headers

None.

Response body format

The response body is empty if the logout is successful. If an error occurs, the response body contains an error message. For more information, see REST API error handling.

Examples

The following examples use the v2 resource URL. If you are using a version of IBM MQ earlier than IBM MQ 9.1.5 you must use the v1 resource URL instead. That is, in the resource URL, substitute v1 where the example URL uses v2.

The following cURL example for Windows logs out a user.

The LTPA token is retrieved from the cookiejar.txt file by using the -b flag. CSRF protection is provided by the presence of the ibm-mq-rest-csrf-token HTTP header. The location of the cookiejar.txt file is specified by the -c flag so that the LTPA token is deleted from the file:


curl -k "https://localhost:9443/ibmmq/rest/v2/login" -X DELETE 
-H "ibm-mq-rest-csrf-token: value" -b c:\cookiejar.txt 
-c c:\cookiejar.txt