Skip to content

Revoke Token

Revoke the current user's token. After revocation, the token becomes invalid. Note: to avoid leaking sensitive information, the interface returns success uniformly when revoking tokens that are invalid, already revoked, or expired.

Request Description

http
POST https://{your_domain}/api/v1/oauth2/revoke

Request Headers

ParameterNameRequiredExampleDescription
AuthorizationAuthentication infoRequiredBasic UnFCMkhKd4OWWA==Use client_id and client_secret for Base64 authentication.
Format: base64(client_id:client_secret)
Content-TypeData typeRequiredapplication/x-www-form-urlencodedSubmit parameters using form data.

Request Example

http
POST https://{your_domain}/api/v1/oauth2/revoke

Authorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==

Content-Type: application/x-www-form-urlencoded

token=MmVkMzYmMzODBkYjY3UV4nmxKh4z....&token_type_hint=access_token

Request Parameters

ParameterNameRequiredExampleDescription
tokenTokenYes
token_type_hintOptionalDefaults to access_token

Response Example

Success Response Example

HTTP/1.1 200 OK

Error Response Example

HTTP 401 Unauthorized

json

{
    "error": "invalid_client",
    "error_description": "Bad client credentials"
}

Response Parameters

If successful, an empty body is returned.

BambooCloud IDaaS Open Platform