For sign in, you need a login token. After successful login, you receive a token for subsequent requests.
By calling signOut mutation, you can invalidate a token associated with current request
By setting a parameter
true, you invalidate all tokens associated with a current identity.
Only persons are allowed to sign out. It cannot be called with a permanent API key.
Superadmin or a project admin can invite other person to a project:
When a user with given email already exists in a system, he is just added to a project, otherwise a new user is created.