Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

Dev GuideRecipesAPI ReferenceChangelog
Dev GuideAPI ReferenceChangelogUser GuideDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide

Revoke tokens

Learn how to revoke access and refresh tokens in Optimizely CMP using HTTP POST requests for secure token management.

You can revoke the tokens generated by the Authorization code flow.

Revoke access token

Revoke an access_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"           : "bd680785-b090-40ca-9a32-22df51e96e7a",
  "token_type_hint" : "access_token",
  "client_id"       : "12345678-1234-1234-1234-123456789012",
  "client_secret"   : "my-encrypted-secret-1234"
}

Response payload:
{
    "msg" : "success"
}

Revoke refresh token

Revoke a refresh_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"           : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
  "token_type_hint" : "refresh_token",
  "client_id"       : "12345678-1234-1234-1234-123456789012",
  "client_secret"   : "my-encrypted-secret-1234"
}

Response payload:
{
  "msg" : "success"
}

Revoke token without mentioning any token type

Revoke a token without passing the token_hint_type field in the request payload. The passed token can be an access_token or a refresh_token. The authorization server automatically deduces the type of the token and revokes it.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"         : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
  "client_id"     : "12345678-1234-1234-1234-123456789012",
  "client_secret" : "my-encrypted-secret-1234"
}

Response payload:
{
  "msg" : "success"
}