New API endpoint for revoking tokens

Skip to first unread message

Wilmers, Catalina

Dec 8, 2017, 3:44:56 PM12/8/17
We’re excited to announce a new feature that members have requested: a process for allowing clients to revoke tokens. The /oauth/revoke endpoint will disable the specified access and refresh token issued to your client and remove the permission from the list on the user’s account setting page.

To revoke a token you need to post the access or refresh token to the /oauth/revoke endpoint with your client id and secret, for example:

curl -i -L -H "Accept: application/json" --data "client_id=APP-NPXKK6HFN6TJ4YYI&client_secret=060c36f2-cce2-4f74-bde0-a17d8bb30a97&token=4ec62207-1d93-4396-9c24-8294893a791d" ""

Revoking an access token only disables that specific token and the associated refresh token; any additional tokens you have generated from the same user will not be affected. Full documentation is at 

Please let us know if you have any questions.

Reply all
Reply to author
0 new messages