Frequently Asked Questions
Frequently Asked Questions
REST API - logging out of session
Posted by Henri Huhtamäki (M-Files) on 18 December 2019 04:34 PM


REST API session deletion (=logging out) includes a small but important addition to authentication to work.


Please see this link for information about REST API Session


Note that there is a delete option for session, which equals to a logout.

POST http://localhost/REST/session?_method=DELETE


However, when you are testing this you might run into the following error message:


    "Status": 403,

    "URL": "/session",

    "Method": "POST",

    "Exception": {

        "Name": "UnauthorizedAccessException",

        "Message": "Current session is not allowed to modify its state."


    "Stack": "Error reference ID: 65bfff16-c451-41b4-b1dd-e1db5f14f209",

    "Message": "Current session is not allowed to modify its state.",

    "IsLoggedToVault": true,

    "IsLoggedToApplication": true,

    "ExceptionName": "UnauthorizedAccessException"



This is because when creating the session via authentication, you need to add a session ID property for the connection for the delete session to work.

NOTE: SessionID needs to be a unique value, such as a generated GUID for each authentication request.



So, the authentication looks like this:


"Username": "user",

"Password": "password",

"VaultGuid": "{vault guid}",

"sessionID" : " e04084af-02cf-4009-bb83-2732cd5a6ffc"



And now, when you POST http://localhost/REST/session?_method=DELETE using the token from the authentication. session delete will return



    "Value": true


(0 vote(s))
This article was helpful
This article was not helpful

Help Desk Software by Kayako case