diff --git a/apps/emqx_dashboard/src/emqx_dashboard_admin.erl b/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
index 8a1306e94..b477bd779 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
@@ -40,7 +40,7 @@
 
 -export([ sign_token/2
         , verify_token/1
-        , destroy_token_by_username/1
+        , destroy_token_by_username/2
         ]).
 
 -export([add_default_user/0]).
@@ -177,8 +177,13 @@ sign_token(Username, Password) ->
 verify_token(Token) ->
     emqx_dashboard_token:verify(Token).
 
-destroy_token_by_username(Username) ->
-    emqx_dashboard_token:destroy_by_username(Username).
+destroy_token_by_username(Username, Token) ->
+    case emqx_dashboard_token:lookup(Token) of
+        {ok, #mqtt_admin_jwt{username = Username}} ->
+            emqx_dashboard_token:destroy(Token);
+        _ ->
+            {error, not_found}
+    end.
 
 %%--------------------------------------------------------------------
 %% Internal functions
diff --git a/apps/emqx_dashboard/src/emqx_dashboard_api.erl b/apps/emqx_dashboard/src/emqx_dashboard_api.erl
index 4761432fb..68c737488 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_api.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_api.erl
@@ -170,10 +170,14 @@ login(post, #{body := Params}) ->
             {401, #{code => ?ERROR_USERNAME_OR_PWD, message => <<"Auth filed">>}}
     end.
 
-logout(_, #{body := Params}) ->
-    Username = maps:get(<<"username">>, Params),
-    emqx_dashboard_admin:destroy_token_by_username(Username),
-    {200}.
+logout(_, #{body := #{<<"username">> := Username},
+            headers := #{<<"authorization">> := <<"Bearer ", Token/binary>>}}) ->
+    case emqx_dashboard_admin:destroy_token_by_username(Username, Token) of
+        ok ->
+            200;
+        _R ->
+            {401, 'BAD_TOKEN_OR_USERNAME', <<"Ensure your token & username">>}
+    end.
 
 users(get, _Request) ->
     {200, [row(User) || User <- emqx_dashboard_admin:all_users()]};
diff --git a/apps/emqx_dashboard/src/emqx_dashboard_token.erl b/apps/emqx_dashboard/src/emqx_dashboard_token.erl
index 9086b4c2e..2acf00f13 100644
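Review bot: `destroy_token_by_username/2` in the second emqx_dashboard_admin.erl hunk is exported without a `-spec`, and its `ok` result is only as reliable as `emqx_dashboard_token:destroy/1`, which this same commit changes (emqx_dashboard_token.erl hunk) to return `ok` after an assertive `{atomic, ok} = ekka_mnesia:transaction(...)` match, so an aborted transaction now surfaces as a `badmatch` in the caller rather than an error tuple. Suggest `-spec destroy_token_by_username(binary(), binary()) -> ok | {error, not_found}.` above the clause (assuming usernames are binaries, as the JSON body in `emqx_dashboard_api` suggests; confirm), plus a comment such as `%% Revokes Token only if it was issued to Username; an unknown token and a token owned by someone else are both reported as not_found so the response reveals nothing about other sessions.` The name still says by_username although the function now revokes exactly one token and the bulk `emqx_dashboard_token:destroy_by_username/1` stays exported; since the arity is new, renaming or at least documenting the distinction would avoid confusion.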
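Review bot: The rewritten `logout/2` in the emqx_dashboard_api.erl hunk has a single clause whose head requires both `<<"username">>` in the body and a `Bearer` authorization header, so a request missing either now fails with `function_clause` instead of a deliberate 4xx, whereas the removed version only crashed on a missing username. Add a fallback clause after it, e.g. `logout(_, _) -> {401, 'BAD_TOKEN_OR_USERNAME', <<"Ensure your token & username">>}.`, so malformed requests at this trust boundary get a controlled answer. The error body is a 3-tuple `{401, Code, Message}` while `login/2` directly above returns `{401, #{code => ..., message => ...}}`; unless the router accepts both shapes, one should follow the other. The success value also changed from `{200}` to a bare `200` and `_R` discards the failure reason — if the framework accepts a bare status this is fine, but confirm, and consider logging the rejected logout at debug level so revocation failures are visible in audit.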
--- a/apps/emqx_dashboard/src/emqx_dashboard_token.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_token.erl
@@ -22,6 +22,7 @@
 
 -export([ sign/2
         , verify/1
+        , lookup/1
         , destroy/1
         , destroy_by_username/1
         ]).
@@ -121,14 +122,15 @@ do_verify(Token)->
 
 do_destroy(Token) ->
     Fun = fun mnesia:delete/1,
-    ekka_mnesia:transaction(?DASHBOARD_SHARD, Fun, [{?TAB, Token}]).
+    {atomic, ok} = ekka_mnesia:transaction(?DASHBOARD_SHARD, Fun, [{?TAB, Token}]),
+    ok.
 
 do_destroy_by_username(Username) ->
     gen_server:cast(?MODULE, {destroy, Username}).
 
 %%--------------------------------------------------------------------
 %% jwt internal util function
-
+-spec(lookup(Token :: binary()) -> {ok, #mqtt_admin_jwt{}} | {error, not_found}).
 lookup(Token) ->
     case mnesia:dirty_read(?TAB, Token) of
         [JWT] -> {ok, JWT};
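Review bot: The section header `%% jwt internal util function` now sits directly above `lookup/1`, which this hunk exports and which `emqx_dashboard_admin:destroy_token_by_username/2` calls, so the comment is stale; move the function under the API section or reword the header. The exported `lookup/1` returns the raw `#mqtt_admin_jwt{}` record, which the admin module pattern-matches on — a record crossing a module boundary couples both modules to the record layout, so if that is intended, say so next to the `-spec`, otherwise return just the owner field. The new `{atomic, ok} = ekka_mnesia:transaction(...)` in `do_destroy/1` turns an aborted transaction into a `badmatch` instead of an error tuple, which is defensible (a storage fault is not a bad token and should not be reported as 401 by `logout`), but deserves a one-line comment such as `%% An aborted transaction is a fault, not a missing token: crash rather than mask it as an error tuple.`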