Skip to main content
POST
https://{yourDomain}
/
oauth
/
revoke
Revoke Refresh Token
curl --request POST \
  --url https://{yourDomain}/oauth/revoke \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET \
  --data token=YOUR_REFRESH_TOKEN
"OK"

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/x-www-form-urlencoded
client_id
string
required

Your application's Client ID

token
string
required

The refresh token you want to revoke

client_secret
string

Your application's Client Secret (required for confidential clients)

client_assertion
string

A JWT signed with your client secret or private key (for Private Key JWT authentication)

client_assertion_type
enum<string>

Must be 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer' when using client_assertion

Available options:
urn:ietf:params:oauth:client-assertion-type:jwt-bearer

Response

Token revoked successfully (or token was already invalid/revoked)

The response is of type string.