You must provide a certificate where the Common Name of the certificate matches the username of an active Service User account on your pod.
To call the Logout endpoint for a user, you must have a valid sessionToken for the user.
Example call sequence:
To call the Logout endpoint for an app, you must have a valid session token for an app that's been installed for the user whom you intend to log out.
Example call sequences: