Ask Moov Beta
Generative AI is experimental and can make mistakes.
Guides Use cases API Changelog
  1. API reference
  2. v2025.01.00
  3. Authentication
  4. Access tokens

Revoke an access token

Revoke an auth token.

Allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed.

POST
/oauth2/revoke
TypeScript PHP Python Java Ruby 
import { SDK } from "openapi";

const sdk = new SDK({
  xMoovVersion: "v2024.01.00",
});

async function run() {
  const result = await sdk.authentication.revokeAccessToken({
    token: "<value>",
    clientId: "5clTR_MdVrrkgxw2",
    clientSecret: "dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-",
  });

  console.log(result);
}

run();
declare(strict_types=1);

require 'vendor/autoload.php';

use OpenAPI\OpenAPI;
use OpenAPI\OpenAPI\Models\Components;

$sdk = OpenAPI\SDK::builder()
    ->setXMoovVersion('v2024.01.00')
    ->build();

$revokeTokenRequest = new Components\RevokeTokenRequest(
    token: '<value>',
    clientId: '5clTR_MdVrrkgxw2',
    clientSecret: 'dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-',
);

$response = $sdk->authentication->revokeAccessToken(
    revokeTokenRequest: $revokeTokenRequest
);

if ($response->statusCode === 200) {
    // handle response
}
from openapi import SDK


with SDK(
    x_moov_version="v2024.01.00",
) as sdk:

    res = sdk.authentication.revoke_access_token(token="<value>", client_id="5clTR_MdVrrkgxw2", client_secret="dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-")

    # Handle response
    print(res)
package hello.world;

import java.lang.Exception;
import org.openapis.openapi.SDK;
import org.openapis.openapi.models.errors.GenericError;
import org.openapis.openapi.models.errors.RevokeTokenRequestError;
import org.openapis.openapi.models.operations.RevokeAccessTokenResponse;

public class Application {

    public static void main(String[] args) throws GenericError, RevokeTokenRequestError, Exception {

        SDK sdk = SDK.builder()
                .xMoovVersion("v2024.01.00")
            .build();

        RevokeAccessTokenResponse res = sdk.authentication().revokeAccessToken()
                .token("<value>")
                .clientId("5clTR_MdVrrkgxw2")
                .clientSecret("dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-")
                .call();

        // handle response
    }
}
require 'openapi'

Models = ::OpenApiSDK::Models
s = ::OpenApiSDK::SDK.new(
      x_moov_version: 'v2024.01.00',
    )

res = s.authentication.revoke_access_token(revoke_token_request: Models::Components::RevokeTokenRequest.new(
  token: '<value>',
  client_id: '5clTR_MdVrrkgxw2',
  client_secret: 'dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-',
))

if res.status_code == 200
  # handle response
end
204 400 422 429 500 504
The request completed successfully, but there is no content to return.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The server could not understand the request due to invalid syntax.
application/json
Example
{
  "error": "string"
}

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request was well-formed, but the contents failed validation. Check the request for missing or invalid fields.
application/json
Example
{
  "token": "string",
  "token_type_hint": "string"
}

Response headers

x-request-id

string required
A unique identifier used to trace requests.
Request was refused due to rate limiting.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request failed due to an unexpected error.

Response headers

x-request-id

string required
A unique identifier used to trace requests.
The request failed because a downstream service failed to respond.

Response headers

x-request-id

string required
A unique identifier used to trace requests.

Headers

X-Moov-Version

string

Specify an API version.

API versioning follows the format vYYYY.QQ.BB, where

  • YYYY is the year
  • QQ is the two-digit month for the first month of the quarter (e.g., 01, 04, 07, 10)
  • BB is the build number, starting at .01, for subsequent builds in the same quarter.
    • For example, v2024.01.00 is the initial release of the first quarter of 2024.

The dev version represents the most recent development state. It may include breaking changes and should be treated as a beta release. When no version is specified, the API defaults to v2024.01.00.

Body

application/json

token

string required
The access or refresh token to revoke.

client_id

string
Client ID can be provided here in the body, or as the Username in HTTP Basic Auth.

client_secret

string
Client secret can be provided here in the body, or as the Password in HTTP Basic Auth.

token_type_hint

string<enum>
The type of token being revoked.
Possible values: access_token, refresh_token