post
https://{tenantUrl}/public-api/oauth/revoke
Revoke a short-lived bearer access token per RFC 7009 without rotating the underlying client credential.
Client authentication. Two methods are supported:
- HTTP Basic (recommended): send
client_id:client_secretBase64-encoded in theAuthorization: Basic ...header. - POST body: include
client_idandclient_secretin the request body alongsidetoken.
Sending credentials via both methods in the same request is rejected with invalid_request. Authorization: Bearer is not accepted for this endpoint.
Request format. Both application/x-www-form-urlencoded and application/json are accepted.
Recent Requests
Log in to see full request history
| Time | Status | User Agent | |
|---|---|---|---|
Retrieving recent requests… | |||
Loading…
404The OAuth token revocation endpoint is not enabled on this tenant.