PUT oauth/admin/token/revoke

Revokes the access token or refresh token. The request must include either an access_token or a refresh_token parameter.

You can send the two parameters, client_id and client_secret, either in form parameters or in the Basic authorization header.

Authorization Roles/Permissions: Must be an authorized user for the resource.

This topic includes the following sections:

HTTP Method
URL
Sample Request
Request Headers
Request Parameters

Response
Sample Response
Response Headers
Response Body
Error Codes/Messages

HTTP Method

PUT

URL

https://{oauth-provider-url}/oauth/admin/token/revoke

Sample Request

The example below shows a request for client information for the OAuth Provider.

Sample Request URL

https://{oauth-provider-url}/oauth/admin/token/revoke

Sample request headers

Accept: application/json
Content-Type: application/x-www-form-urlencoded
Cookie: OAuthToken_{OAuthProviderName}={Cookie value (usually starts with TokenID)}

Sample request body

The example below shows the request parameters sent as Authorization headers.

Revoke Token API call

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	application/xml
Content-Type	application/x-www-form-urlencoded
Cookie	OAuthToken_{OAuthProviderName}—The OAuth cookie that identifies the logged-in user with the provider. Depending on the operation being used and the context, the authenticated user could be the resource owner, the administrator, the client app administration, or the OAuth Provider. The cookie is returned after logging in with the POST /oauth/login operation.

Request Parameters

Parameter	Parm Type	Data Type	Required	Description
client_id	Form	String	Required as parameter or in header	The client ID for the OAuth grant that is being revoked. You could also send this in a Basic Authorization header, a Base64-encoded form of app_id:shared_secret. In this context, both values are the app credentials, available from the App Details page, Security section: app_id is the AppID value, in the format {tenant}-{uniqueid), and the shared_secret value is also in the Security section. To get the app_id value, called identity in the API response: GET /api/apps/versions/{AppVersionID} operation. To get the shared secret: GET /api/apps/versions/{AppVersionID}/secret operation. See example.
client_secret	Form	String	Required as parameter or in header	The Shared Secret value for the app. Used in the Basic authorization header, see client_id and example.
access_token	Form	String	Required	The access token that is being revoked. You could also send this in a Bearer Authorization header. See example. If you are not sure of the access_token value, you can use the POST /oauth/oauth20/token operation to retrieve the value.

Parameter

Parm Type

Data Type

Required

Description

client_id

Form

String

Required as parameter or in header

The client ID for the OAuth grant that is being revoked.

You could also send this in a Basic Authorization header, a Base64-encoded form of app_id:shared_secret. In this context, both values are the app credentials, available from the App Details page, Security section: app_id is the AppID value, in the format {tenant}-{uniqueid), and the shared_secret value is also in the Security section.

To get the app_id value, called identity in the API response: GET /api/apps/versions/{AppVersionID} operation.

To get the shared secret: GET /api/apps/versions/{AppVersionID}/secret operation.

See example.

client_secret

Form

String

Required as parameter or in header

The Shared Secret value for the app. Used in the Basic authorization header, see client_id and example.

access_token

Form

String

Required

The access token that is being revoked.

You could also send this in a Bearer Authorization header. See example.

If you are not sure of the access_token value, you can use the POST /oauth/oauth20/token operation to retrieve the value.

Response

If successful, this operation returns HTTP status code 200 or 204, with no response content:

If the request was valid and the grant was found and revoked, a 200 is returned.
If the request was valid but there was nothing to revoke—for example, the grant had already expired—a 204 is returned.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers

HTTP/1.1 200 OK
Content-Type: application/json

Sample response body

None.

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	application/xml

Response Body

None.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item	Value
400	Bad request: Returned if the client sends a malformed request; for example, invalid parameters or body content. For example, you might get this response if you didn't include the required headers.
401	Unauthorized. For example, you would get this response if you didn't include the OAuthToken_{OAuthProviderName} cookie, or if you included an invalid cookie.
404	The resource could not be found. For example, you might get this if you have a typo in the URL, or if the Accept header is set to a wrong value. You would also get this if you were using the wrong HTTP verb.
500	An error occurred processing the call.

More information about Akana OAuth API error messages.

PUT oauth/admin/token/revoke

HTTP Method

URL

Sample Request

Request Headers

Request Parameters

Response

Sample Response

Response Headers

Response Body

Error Codes/Messages

Related Topics