/api/system/logout

GET

Clear the in-memory file-encryption key. After logout, encrypted .bin files cannot be read until the user calls /api/system/login again.

http://localhost:8080/api/system/logout

Description

The /api/system/logout endpoint zeroes the global file-encryption key in memory. It is a session-level operation — the user's persistent password (stored as a salted hash in Client_Data/auth/verifier.bin) is not touched, so the next login with the same password will succeed normally.

After logout:

  • Encrypted .bin files can no longer be decrypted. Reads of them return RESULT_INVALID_PASSWORD.
  • New .bin writes go out plaintext (the same as on a never-logged-in process).
  • Files that were already plaintext on disk continue to work without warnings.
Logout vs. forgetting the password

This endpoint does not remove the verifier file or "reset" the password. It is the equivalent of locking the screen — the user can log back in with the same password and resume. There is no API to delete the verifier or change the password yet; that is a separate feature.

Parameters

None.

Response

Success — 200 OK

JSON Response
{
  "command": "logout",
  "success": true,
  "message": "File encryption key cleared",
  "key_set": false
}

Response Fields

FieldTypeDescription
commandstringAlways "logout".
successboolAlways true — clearing the key cannot fail in normal operation.
key_setboolAlways false. Reflects the post-call state.

Side effects

  • The 32-byte derived AES-256 key is overwritten with zeroes in memory.
  • No file on disk is modified or deleted.
  • Any in-flight async task that needs the key (e.g. /api/system/encrypt_existing_files) will fail on its next encryption operation. Avoid logging out while a long task is running.

Example Usage

curl "http://localhost:8080/api/system/logout"
await fetch('http://localhost:8080/api/system/logout');
import requests
requests.get('http://localhost:8080/api/system/logout')

Related Endpoints