API design question. Login/Logout

Hey folks, not sure where else to discuss this, hopefully this is appropriate.

We’re currently in the early stages of building out our app API and something came up in a review I’m wrestling with. Involves what I would think is, a basic authentication service for /login /logout .

First cut of this is having a service that is specific to this functionality. While my thought on this is it would make more sense in the context of a users service, e.g., /users/login , /users/logout, since these actions are related to, well, a user.

Is there a common “rule of thumb” and/or best practice on how to go about this?

Thanks for any help on this.