POST oauth2/invalidate_token

POST oauth2/invalidate_token

Allows a registered application to revoke an issued oAuth 2.0 Bearer Token by presenting its client credentials. Once a Bearer Token has been invalidated, new creation attempts will yield a different Bearer Token and usage of the invalidated token will no longer be allowed.

Successful responses include a JSON-structure describing the revoked Bearer Token.

Resource URL

Resource Information

Response formats JSON
Requires authentication? Yes - oAuth 1.0a with the application's consumer API keys and the application owner's access token & access token secret
Rate limited? Yes


Name Required Description
access_token required The value of the bearer token that you would like to invalidate

Example request

    curl --request POST 
      --url ''
      --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY",
     oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE",
     oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP",
     oauth_token="ACCESS_TOKEN", oauth_version="1.0"'

Example response

     Status: 200 OK
     Content-Type: application/json; charset=utf-8
     Content-Length: 135
    "access_token": "AAAA%2FAAA%3DAAAAAAAA"