You can now define a logout back end in an API deployment specification, for use with an OAuth 2.0 token authentication policy.

When defining an OAuth 2.0 token authentication policy, you can optionally specify an OAuth 2.0 validation failure policy that includes a path to a logout back end. A logout back end enables API clients to log out cleanly by revoking access tokens, and potentially call other URLs to perform additional post-logout tasks.

For more information, see Adding Logout as an API Gateway Back End.