diff --git a/packages/backend/src/server/api/endpoints.ts b/packages/backend/src/server/api/endpoints.ts
index 3237935d5..c85bb6632 100644
--- a/packages/backend/src/server/api/endpoints.ts
+++ b/packages/backend/src/server/api/endpoints.ts
@@ -67,6 +67,7 @@ import * as ep___ap_show from './endpoints/ap/show.js';
 import * as ep___app_create from './endpoints/app/create.js';
 import * as ep___app_show from './endpoints/app/show.js';
 import * as ep___auth_accept from './endpoints/auth/accept.js';
+import * as ep___auth_deny from './endpoints/auth/deny.js';
 import * as ep___auth_session_generate from './endpoints/auth/session/generate.js';
 import * as ep___auth_session_show from './endpoints/auth/session/show.js';
 import * as ep___auth_session_userkey from './endpoints/auth/session/userkey.js';
@@ -375,6 +376,7 @@ const eps = [
 	['app/create', ep___app_create],
 	['app/show', ep___app_show],
 	['auth/accept', ep___auth_accept],
+	['auth/deny', ep___auth_deny],
 	['auth/session/generate', ep___auth_session_generate],
 	['auth/session/show', ep___auth_session_show],
 	['auth/session/userkey', ep___auth_session_userkey],
diff --git a/packages/backend/src/server/api/endpoints/auth/deny.ts b/packages/backend/src/server/api/endpoints/auth/deny.ts
new file mode 100644
index 000000000..ca1a585c7
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/auth/deny.ts
@@ -0,0 +1,38 @@
+import { AuthSessions } from '@/models/index.js';
+import define from '../../define.js';
+import { ApiError } from '../../error.js';
+
+export const meta = {
+	tags: ['auth'],
+
+	requireCredential: true,
+
+	secure: true,
+
+	errors: {
+		noSuchSession: {
+			message: 'No such session.',
+			code: 'NO_SUCH_SESSION',
+			id: '9c72d8de-391a-43c1-9d06-08d29efde8df',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		token: { type: 'string' },
+	},
+	required: ['token'],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+export default define(meta, paramDef, async (ps, user) => {
+	const result = await AuthSessions.delete({
+		token: ps.token,
+	});
+
+	if (result.affected == 0) {
+		throw new ApiError(meta.errors.noSuchSession);
+	}
+});