Plugipay
ForjioHuudisIdentityPlugipayPaymentsStorlaunchE-commerceFulkrumaFulfilmentRiplloMarketingLinkSnapShort URLsPawpadoGPU streaming
Plugipay Docs
⌘K

Sign out

Signing out ends your Plugipay session. The next time you visit plugipay.com you'll need to authenticate again.

This page covers:

  • Signing out of the current browser.
  • Signing out of every session (every device, every browser).
  • What stays signed in elsewhere (Huudis SSO).
  • How long sessions last by default.

Sign out of this browser

Click your avatar in the top-right of the dashboard, then Sign out.

What happens:

  1. Plugipay clears the plugipay_session cookie.
  2. The dashboard redirects to plugipay.com/signin.

That's it. Your other browsers, other devices, and other Forjio products are unaffected.

Sign out of all Plugipay sessions

If you suspect a session is open somewhere you don't control — an old laptop, a shared computer, a phone you've lost — sign out everywhere at once:

  1. Go to Settings → Security → Active sessions.
  2. Click Sign out of all other sessions to terminate every session except the current one.
  3. Or click Sign out everywhere to terminate every Plugipay session including this one.

What this does:

  • Invalidates every Plugipay session cookie issued for your account.
  • Forces re-authentication on every device on the next request.
  • Does not revoke your Huudis identity — if you're signed in to other Forjio products, those sessions continue.

Sign out of Huudis (and every Forjio product)

To sign out of every Forjio product simultaneously (Plugipay, Storlaunch, Fulkruma, LinkSnap, Pawpado, Catentio, Ripllo), sign out at the Huudis level:

  1. Go to huudis.com/account.
  2. Click Sign out of all products.

This:

  • Revokes every active access and refresh token Huudis has issued.
  • Forces each Forjio product to send you through the OIDC flow on your next visit.
  • Effectively signs you out everywhere in one click.

Use this if you're losing a device or suspect your Huudis account has been compromised.

What about API keys?

API keys are independent of your browser session. Signing out doesn't affect them.

If you suspect an API key is compromised:

  1. Go to Settings → API keys.
  2. Find the key.
  3. Click Revoke.

Revoked keys stop authenticating within seconds — we propagate revocations through our caches quickly. Active requests using the key will start failing with 401 unauthorized.

For full account compromise (you don't know what's accessed), the safe response is:

  1. Revoke every API key on the workspace.
  2. Sign out of all Plugipay sessions.
  3. Reset your Huudis password.
  4. Review the Audit log for unusual activity.
  5. Email hello@plugipay.com if you find anything you didn't authorize.

How long sessions last

Default cookie lifetimes:

  • Browser session cookie — rolling 30-day expiry. Each request bumps it.
  • Huudis access token (inside the cookie) — 15 minutes. Refreshed automatically.
  • Huudis refresh token (inside the cookie) — 30 days. Rotated on each refresh.

You'll be silently re-authenticated as long as the refresh token is valid. After 30 days of true inactivity, you'll go through the OIDC flow again on your next visit.

There's no way to extend these limits — they're set by Huudis at the IdP level for security.

CLI and SDK sign-out

Sessions in the CLI live in ~/.plugipay/credentials. To sign out:

plugipay auth logout

This removes the cached tokens. The next CLI command will require plugipay auth login again. See CLI → Authentication for the device-flow details.

The SDKs don't maintain persistent sessions — they use API keys from environment variables. There's nothing to "sign out" of in code. If you've leaked a key, revoke it in the portal.

Sign-out and webhooks

Webhooks aren't tied to your session. They keep firing regardless of whether you're signed in. Their authentication is the signing secret on the endpoint, not your account credentials.

If you want to pause webhook delivery temporarily, disable the endpoint in Settings → Webhooks — that's the right control.

Common errors

"Couldn't sign you out"

A network error during sign-out. Plugipay couldn't reach Huudis to revoke the tokens. The local cookie is cleared regardless — you're effectively signed out on this device. Other devices (if any) keep their sessions until you retry from a working connection.

Still signed in after clicking sign out

Two cookies, one tab. If you opened a new tab while signing out and that tab made a request before the cookie clear propagated, the response might re-set the cookie. Sign out again and close the browser entirely.

Signed out unexpectedly

Most common cause: your session reached 30 days of inactivity. Less common: a workspace admin terminated your session, or you reset your password (resets don't auto-sign-out, but a refresh-token revocation does).

Check the Audit log under "Sessions → Terminated" if you want to know.

Next

Plugipay — Payments that don't tax your success