Skip to main content

Logout Users

Logout Endpoint

Use this endpoint to logout an end-user from the authentication server, meaning they can not receive new Access Tokens without re-authenticating or without using a Refresh Token. Logging out does not invalidate the existing Access Token (expires after its lifetime of 20 minutes) or existing Refresh Token (see Refresh Tokens page for expiration details). When your application logs a user out, it should discard the Access Token and Refresh Token to prevent further access to the TradeStation API.

When logging out the user from the authentication server using the logout endpoint, the user will be redirected to by default if the returnTo and client_id parameters are not included in the logout request.

If you want to redirect the user to a specific URL after logout, you will need to include the url in the returnTo parameter and the client_id as a parameter in the logout request. All custom logout redirect URLs must be included in the Allowed Logout URLs list that your API Key is configured with. TradeStation API Keys are configured by default with the following Allowed Logout URLs:

  • http://localhost/logout
  • http://localhost:80/logout
  • http://localhost:3000/logout
  • http://localhost:3001/logout
  • http://localhost:8080/logout
  • http://localhost:31022/logout

If you need to add, update, or delete any of these logout URL options on your API Keys, please contact Client Services to request these adjustments.

Logout URL:


Request Parameters:

returnTooptionalURL to redirect the user after the logout. Requires Allowed Logout URL configuration through TradeStation Client Services. If returnTo parameter is not provided, the user will be returned to
client_idoptionalThe client_id of your application. Required if you are including a returnTo URL from the list of Allowed Logout URLs that your API Key is configured with. If client_id parameter is not provided, the user will be returned to

Example Request: