Submit Documentation FeedbackJoin Developer Community
HomeGuidesAPI Reference
Submit Documentation FeedbackJoin Developer CommunityOptimizely GitHubOptimizely NuGetLog In
Optimizely GitHubOptimizely NuGet

Revoke tokens

Suggest Edits

You can revoke the tokens generated by the Authorization code flow.

Revoke access token

Revoke an access_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
    {
      "token": "bd680785-b090-40ca-9a32-22df51e96e7a",
      "token_type_hint": "access_token",
      "client_id": "12345678-1234-1234-1234-123456789012",
      "client_secret": "my-encrypted-secret-1234"
    }

Response payload:
    {
        "msg": "success"
    }

Revoke refresh token

Revoke a refresh_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
    {
      "token": "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
      "token_type_hint": "refresh_token",
      "client_id": "12345678-1234-1234-1234-123456789012",
      "client_secret": "my-encrypted-secret-1234"
    }

Response payload:
    {
        "msg": "success"
    }

Revoke token without mentioning any token type

Revoke a token without passing the token_hint_type field in the request payload. The passed token can either be an access_token or a refresh_token. The authorization server automatically deduces the type of the token and revokes it.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
    {
      "token": "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
      "client_id": "12345678-1234-1234-1234-123456789012",
      "client_secret": "my-encrypted-secret-1234"
    }

Response payload:
    {
        "msg": "success"
    }

Updated 3 months ago

What’s Next