DELETE

Use the HTTP DELETE method with the login resource to log out a user and end a token-based authentication session.

For more information about how to use token based authentication, see Use token based authentication with the REST API.

• Resource URL
• Optional query parameters
• Request headers
• Request body format
• Security requirements
• Response status codes
• Response headers
• Response body format
• Examples

Resource URL

https://host:port/ibmmq/rest/v1/login

Optional query parameters

None.

Request headers

ibm-mq-rest-csrf-token

This header must be sent with a value that is the content of the csrfToken cookie. The content of the csrfToken cookie is used to confirm that the credentials that are being used to authenticate the request are being used by the owner of the credentials. That is, the token is used to prevent cross-site request forgery attacks.

The csrfToken cookie is returned after a request is made with an HTTP GET method. We cannot use a cached version of the content of the cookie because the content of the cookie can change. You must use the latest value of the cookie for each request.

The preceding information applies to releases up to and including IBM MQ Version 9.0.4. From IBM MQ Version 9.0.5, this header must be set, but the value can be anything, including being blank.

The csrfToken cookie is no longer sent in responses from the REST API in Version 9.0.5 and later.

Request body format

None.

Security requirements

• The LTPA token that is used to authenticate the user must be provided as a cookie.

With the response to the REST request, an instruction to delete the LTPA token from the local cookie store is included. Ensure that you process this instruction. If the instruction is not processed, and the LTPA token remains in the local cookie store, then the LTPA token can be used to authenticate future REST requests. That is, when the user attempts to authenticate with the LTPA token after the session is ended, a new session is created that uses the existing token.

Response status codes

204

User logged out successfully.

400

Invalid data provided.

401

Not authenticated.

An invalid LTPA token was provided; the contents of the ibm-mq-rest-csrf-token HTTP header was incorrect, or the ibm-mq-rest-csrf-token header was missing.

404

Resource was not found.

500

Server issue or error code from IBM MQ.

Response headers

None.

Response body format

The response body is empty if the logout is successful. If an error occurs, the response body contains an error message. For more information, see REST API error handling.

Examples

The following cURL example for Windows logs out a user.

From IBM MQ Version 9.0.5, the LTPA token is retrieved from the cookiejar.txt file by using the -b flag. CSRF protection is provided by the presence of the ibm-mq-rest-csrf-token HTTP header. The location of the cookiejar.txt file is specified by the -c flag so that the LTPA token is deleted from the file:

curl -k "https://localhost:9443/ibmmq/rest/v1/login" -X DELETE 
-H "ibm-mq-rest-csrf-token: value" -b c:\cookiejar.txt 
-c c:\cookiejar.txt

curl -k "https://localhost:9443/ibmmq/rest/v1/login" -X DELETE 
-H "ibm-mq-rest-csrf-token: 416E144A02E19E515ED5709A77FB07B4EF550FD1FE1
CC44CF82C5774088A041928486ABE9597618938B9F51D12FE4A0DFC1CB41D0C7567E9AB8
90F0FDB0EE43A27756F32341E712EFB82305F8603E566D3F1D0412BADDF60AEEE656A2F3
D06034FEF535BB67D52ACE265B3B6FB0D1B7F5EC83354F2118226C89FAC200724963FBA9
BDA30376DD84331933E300E543D01AEFE4AE638A6284DBA0210932CF00F376E150161591
0926BA38D612682F22DC92391776B013C38E73516CDC958F3D20661765097E4E0F4FC36D
C13871C6BDE06D95E33D0EF4B41742D95F54DF962BE28FCDE04963DF77EB9A3FEFB27CD2
597415DDB9D1427602DDF517D4E07C092BEA3" -b c:\cookiejar.txt 
-c c:\cookiejar.txt