Trongate Docs
switch to dark modeswitch to dark mode
»
»
Destroying Tokens (JavaScript Friendly Version)

Destroying Tokens (JavaScript Friendly Version)

The 'Destroy Token' API Endpoint

Trongate apps contain an API endpoint that can be used to destroy tokens via HTTP DELETE (or POST) requests.  The URL for destroying tokens is your base URL followed by trongate_tokens/destroy.

Did You Know?
PHP does not distinguish between HTTP DELETE requests and HTTP POST requests.  In PHP, both types of request as treated as POST requests.

Just To Let You Know
If you are eager to disable this endpoint, open up Trongate_tokens.php (it's inside the trongate_tokens module) and add a die(); statement at the beginning of the 'destroy' method.  For example,

    function destroy() {

    die();  //disable this endpoint!​

    if (!isset($_SERVER['HTTP_TRONGATETOKEN'])) {
        http_response_code(422);
        echo 'No token found in here!';
        die();
    } else {
        $params['token'] = $_SERVER['HTTP_TRONGATETOKEN'];
        $sql = 'delete from trongate_tokens where token = :token';
        $this->model->query_bind($sql, $params);
        http_response_code(200);
        echo 'Token deleted.';
        die();
    }
}

Adding Your Token To The Header

To use Trongate's token management system in a stateless environment, you'll have to attach a valid token onto the header of your HTTP requests.

In vanilla JavaScript this can be achieved with the following code:

setRequestHeader("trongateToken",token)

Just To Let You Know
Our JavaScript code above assumes that you have created a variable called 'token' with a value that's equal to a valid Trongate security token.

The screenshot below show an example of Trongate's API Manager being used to successfully destroy a token that has been attached to the header of an HTTP request.  As you can see (near the top right hand side) the server has responded with a '200' status code.

successfully destroying a token with the Trongate API Manager

WARNING!
Invoking the destroy() method will not remove session data, cookie data or any other form of other data that may potentially be stored on the end user's device.  Instead, the method simply deletes all records from the 'trongate_tokens' table where tokens are found to match the submitted token value.


HELP & SUPPORT

If you have a question or a comment relating to anything you've see here, please goto the Help Bar.

 
×