Revoke tokens
Learn how to revoke access and refresh tokens in Optimizely CMP using HTTP POST requests for secure token management.
You can revoke the tokens generated by the Authorization code flow.
Revoke access token
Revoke an access_token by making an HTTP POST request to the authorization server.
HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke
Request payload:
{
"token" : "bd680785-b090-40ca-9a32-22df51e96e7a",
"token_type_hint" : "access_token",
"client_id" : "12345678-1234-1234-1234-123456789012",
"client_secret" : "my-encrypted-secret-1234"
}
Response payload:
{
"msg" : "success"
}Revoke refresh token
Revoke a refresh_token by making an HTTP POST request to the authorization server.
HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke
Request payload:
{
"token" : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
"token_type_hint" : "refresh_token",
"client_id" : "12345678-1234-1234-1234-123456789012",
"client_secret" : "my-encrypted-secret-1234"
}
Response payload:
{
"msg" : "success"
}Revoke token without mentioning any token type
Revoke a token without passing the token_hint_type field in the request payload. The passed token can be an access_token or a refresh_token. The authorization server automatically deduces the type of the token and revokes it.
HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke
Request payload:
{
"token" : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
"client_id" : "12345678-1234-1234-1234-123456789012",
"client_secret" : "my-encrypted-secret-1234"
}
Response payload:
{
"msg" : "success"
}Updated 1 day ago
Next