Skip to main content

Revoke OAuth 2.0 Access or Refresh Token

POST 

/oauth2/revoke

Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. Revoking a refresh token also invalidates the access token that was created with it. A token may only be revoked by the client the token was generated for.

Request

Responses

Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.