HomeGuidesAPI ReferenceChangelog
Terms of Use
API Reference

OAuth token revocation

Revoke a short-lived bearer access token per RFC 7009 without rotating the underlying client credential.

Client authentication. Two methods are supported:

  • HTTP Basic (recommended): send client_id:client_secret Base64-encoded in the Authorization: Basic ... header.
  • POST body: include client_id and client_secret in the request body alongside token.

Sending credentials via both methods in the same request is rejected with invalid_request. Authorization: Bearer is not accepted for this endpoint.

Request format. Both application/x-www-form-urlencoded and application/json are accepted.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params

Token revocation request body. Per RFC 7009 Section 2.1, the client authenticates and presents the bearer access token to revoke. The client may authenticate either via HTTP Basic authentication (recommended) or by including client_id and client_secret in the request body alongside token.

string
required

The bearer access token to revoke.

string

The client identifier. Required when client credentials are sent in the request body instead of via HTTP Basic authentication.

string

The client secret. Required when client credentials are sent in the request body instead of via HTTP Basic authentication.

Headers
string
enum
Defaults to application/json

Generated from available request content types

Allowed:
Responses

404

The OAuth token revocation endpoint is not enabled on this tenant.

Language
URL
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json