Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

Dev GuideAPI ReferenceChangelog
Dev GuideAPI ReferenceUser GuideLegal TermsDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide

Revoke tokens

You can revoke the tokens generated by the Authorization code flow.

Revoke access token

Revoke an access_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"           : "bd680785-b090-40ca-9a32-22df51e96e7a",
  "token_type_hint" : "access_token",
  "client_id"       : "12345678-1234-1234-1234-123456789012",
  "client_secret"   : "my-encrypted-secret-1234"
}

Response payload:
{
    "msg" : "success"
}

Revoke refresh token

Revoke a refresh_token by making an HTTP POST request to the authorization server.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"           : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
  "token_type_hint" : "refresh_token",
  "client_id"       : "12345678-1234-1234-1234-123456789012",
  "client_secret"   : "my-encrypted-secret-1234"
}

Response payload:
{
  "msg" : "success"
}

Revoke token without mentioning any token type

Revoke a token without passing the token_hint_type field in the request payload. The passed token can be an access_token or a refresh_token. The authorization server automatically deduces the type of the token and revokes it.

HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke

Request payload:
{
  "token"         : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
  "client_id"     : "12345678-1234-1234-1234-123456789012",
  "client_secret" : "my-encrypted-secret-1234"
}

Response payload:
{
  "msg" : "success"
}