HomeGuidesAPI Reference
Submit Documentation FeedbackJoin Developer CommunityOptimizely GitHubOptimizely NuGetLog In

Revoke tokens

You can revoke the tokens generated by the Authorization code flow.

Revoke access token

Revoke an access_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
    {
      "token": "bd680785-b090-40ca-9a32-22df51e96e7a",
      "token_type_hint": "access_token",
      "client_id": "12345678-1234-1234-1234-123456789012",
      "client_secret": "my-encrypted-secret-1234"
    }

Response payload:
    {
        "msg": "success"
    }

Revoke refresh token

Revoke a refresh_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
    {
      "token": "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
      "token_type_hint": "refresh_token",
      "client_id": "12345678-1234-1234-1234-123456789012",
      "client_secret": "my-encrypted-secret-1234"
    }

Response payload:
    {
        "msg": "success"
    }

Revoke token without mentioning any token type

Revoke a token without passing the token_hint_type field in the request payload. The passed token can either be an access_token or a refresh_token. The authorization server automatically deduces the type of the token and revokes it.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
    {
      "token": "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
      "client_id": "12345678-1234-1234-1234-123456789012",
      "client_secret": "my-encrypted-secret-1234"
    }

Response payload:
    {
        "msg": "success"
    }

What’s Next