Disclaimer: This website requires JavaScript to function properly. Some features may not work as expected. Please enable JavaScript in your browser settings for the best experience.

Dev GuideAPI ReferenceUser Guide
Dev GuideAPI ReferenceChangelog
Dev GuideAPI ReferenceUser GuideLegal TermsDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
Legal TermsDev CommunityOptimizely AcademySubmit a ticket

Revoke tokens

Suggest Edits

You can revoke the tokens generated by the Authorization code flow.

Revoke access token

Revoke an access_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"           : "bd680785-b090-40ca-9a32-22df51e96e7a",
  "token_type_hint" : "access_token",
  "client_id"       : "12345678-1234-1234-1234-123456789012",
  "client_secret"   : "my-encrypted-secret-1234"
}

Response payload:
{
    "msg" : "success"
}

Revoke refresh token

Revoke a refresh_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"           : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
  "token_type_hint" : "refresh_token",
  "client_id"       : "12345678-1234-1234-1234-123456789012",
  "client_secret"   : "my-encrypted-secret-1234"
}

Response payload:
{
  "msg" : "success"
}

Revoke token without mentioning any token type

Revoke a token without passing the token_hint_type field in the request payload. The passed token can be an access_token or a refresh_token. The authorization server automatically deduces the type of the token and revokes it.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"         : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
  "client_id"     : "12345678-1234-1234-1234-123456789012",
  "client_secret" : "my-encrypted-secret-1234"
}

Response payload:
{
  "msg" : "success"
}

Updated 9 months ago

Next