/api/program/logout
GETClear encryption key from server memory and exit the program for security.
Description
The `/api/program/logout` endpoint (implemented as `/api/wallet/encryption/clear`) provides a secure way to clear the encryption key from server memory and immediately terminate the CloudCoin Console program. This is a critical security feature that ensures encryption keys do not persist in memory after you've finished working with encrypted coins.
This endpoint causes the server to exit immediately after responding.
- The CloudCoin Console program will shut down after sending the response
- All active connections will be terminated
- You will need to restart the program to perform any further operations
- To access encrypted coins again, you must restart and use
/api/program/login
This endpoint provides essential security features:
- Memory Protection: Ensures encryption keys don't remain in RAM after use
- Forced Logout: Guarantees a clean session termination
- Defense Against Memory Attacks: Prevents potential memory-scraping attacks
- Session Isolation: Requires explicit re-authentication to access encrypted coins
Parameters
This endpoint does not require any parameters.
Response
Returns a JSON object confirming the logout action before the program exits.
Response Properties
true if an encryption key was previously set and has been cleared.false if no encryption key was currently set.
Example Response (Key Was Set)
{
"status": "success",
"operation": "encryption-clear",
"was_set": true,
"message": "Encryption key cleared from memory - exiting program"
}Example Response (No Key Was Set)
{
"status": "success",
"operation": "encryption-clear",
"was_set": false,
"message": "No encryption key is currently set - exiting program"
}Implementation Details
Security Process
When this endpoint is called, the following security operations occur:
- Key Zeroing: If an encryption key was set, it is overwritten with zeros using
memset() - Flag Reset: The global encryption key flag is set to
false - Response Sent: JSON response is sent to the client
- Program Exit: The server calls
exit(0)to terminate the process
This endpoint provides an automatic security measure. Even if you forget to explicitly logout, the encryption key will be cleared when the program exits normally or crashes. However, explicit logout is recommended as a best practice.
Examples
JavaScript (fetch)
const API_HOST = 'http://localhost:8080';
async function logout() {
try {
const response = await fetch(`${API_HOST}/api/wallet/encryption/clear`);
const result = await response.json();
console.log('Logout Response:');
console.log(`Was Key Set: ${result.was_set}`);
console.log(`Message: ${result.message}`);
console.log('Note: Server has exited - restart required for further operations');
// Note: Any subsequent requests will fail because server has exited
return result;
} catch (error) {
// This is expected - server exits after sending response
console.log('Server has exited (expected behavior)');
}
}
// Usage
logout();
cURL
# Logout and exit program
curl -X GET "http://localhost:8080/api/wallet/encryption/clear"
# Expected output (before server exits):
# {
# "status": "success",
# "operation": "encryption-clear",
# "was_set": true,
# "message": "Encryption key cleared from memory - exiting program"
# }
Go
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
)
const ApiHost = "http://localhost:8080"
type LogoutResponse struct {
Status string `json:"status"`
Operation string `json:"operation"`
WasSet bool `json:"was_set"`
Message string `json:"message"`
}
func logout() error {
url := fmt.Sprintf("%s/api/wallet/encryption/clear", ApiHost)
resp, err := http.Get(url)
if err != nil {
return fmt.Errorf("request error: %w", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return fmt.Errorf("read error: %w", err)
}
var result LogoutResponse
if err := json.Unmarshal(body, &result); err != nil {
return fmt.Errorf("parse error: %w", err)
}
fmt.Printf("Logout successful\n")
fmt.Printf("Was Key Set: %v\n", result.WasSet)
fmt.Printf("Message: %s\n", result.Message)
fmt.Printf("Note: Server has exited - restart required\n")
return nil
}
func main() {
if err := logout(); err != nil {
fmt.Printf("Logout error: %v\n", err)
// Note: Errors may occur after response if server exits quickly
}
}
Typical Workflow
Here's a typical workflow for working with encrypted coins:
// 1. Start CloudCoin Console server
// 2. Login with encryption key
const encryptionKey = "a1b2c3d4e5f67890a1b2c3d4e5f67890"; // 32 hex chars
await fetch(`${API_HOST}/api/wallet/encryption/set?key=${encryptionKey}`);
// 3. Perform operations with encrypted coins
await fetch(`${API_HOST}/api/wallet/show`);
await fetch(`${API_HOST}/api/detect`, { method: 'POST', ... });
// 4. Logout when finished (clears key and exits program)
await fetch(`${API_HOST}/api/wallet/encryption/clear`);
// 5. Restart server when you need to work with coins again
Error Handling
This endpoint always returns a success response before exiting. There are no error conditions because:
- No parameters are required, so no validation errors
- Clearing an already-clear key is not considered an error
- Program exit is intentional behavior, not an error
Your client code may experience connection errors after calling this endpoint because the server terminates. This is expected behavior and should be handled gracefully:
- Don't treat connection errors after logout as failures
- Implement retry logic with exponential backoff if you auto-restart the server
- Show appropriate UI messages about server restart requirements
Related Endpoints
/api/program/login
Set the encryption key to unlock access to encrypted coin files (implemented as /api/wallet/encryption/set).
/api/wallet/encryption/key-struct
Get the encryption key structure used for RAIDA requests.