How to logout a user using the API to support single logout from a sso system

we have a single-sign-on system (sso) which also supports single logout.
Whenever a logout occurs the sso system will send a get request to the piwik server with a cookie containing the sessionId like


What would be a good place in piwik to check for this logout request ? It must be a place where every request gets through.

After recieving this logout request piwik must logout the user for this session. What would be the best way to trigger a logout ?
When a normal user clicks on logout the url https://piwikserver/analytics/piwik/index.php?module=Login&action=logout ist called
and the cookies “PIWIK_SESSID” is send. Is this sufficient or is there a other/better way to handle this ?