Solved

Is Logout Required After PUT Request When Exposing Generic Inquiry via REST API with OAuth2 (scope=api)?

  • June 11, 2025
  • 2 replies
  • 87 views


As described in the blog post below, I’m exposing a Generic Inquiry (GI) to be retrieved by an external system via the REST API. We are using OAuth2 authentication with grant_type=password and scope=api.

As shown in the blog post, I’m sending a PUT request to Acumatica with a {} in the request body.

https://www.acumatica.com/blog/contract-based-apis-in-generic-inquiries/

Could you please clarify whether it is necessary to call a logout after performing the PUT request?

Best answer by malinthawarnakulasooriya08

Thank you ​@Rakshanda for your valuable answer.

I tested this using Postman with OAuth2 (grant_type=password and scope=api):

  • I generated an access token and made a successful PUT request.

  • Then, I generated another token (while the first was still valid) and made another API call.

  • During this, I checked System Monitor — only one active session appeared for the integration user.

So, based on this test, it seems that with OAuth2, no logout is required, as tokens are stateless and don’t create persistent sessions like cookie-based logins.

Let me know if I missed anything.

2 replies

  • Jr Varsity II
  • June 12, 2025

Hi @malinthawarnakulasooriya08,

Yes, we need to perform a logout after the API call.
If we don’t log out, the API user session remains active and appears on the System Monitor screen. This increases the number of active users in Acumatica, which could lead to licensing or usage issues.

Hope the above helps!!

