Revoke Access Token

Overview

Revokes (invalidates) an OAuth access token by its token_id. Use this to immediately block a compromised or no-longer-needed token.

Endpoint Details

| Definition | Description |
|---|---|
| Endpoint | https://bre-b-sandbox.api.visionamos.passportfintech.com/v1/iam/oauth/tokens/{token_id} |
| Method | DELETE |
| Headers | Accept-Language, Content-Length, Content-Type: application/json, Authorization |
| Authentication | Access Token (Bearer Token) |

Request Body

| Field | Type | Description |
|---|---|---|
| token_id | String | Unique identifier of the access token. |

Example Request

Response

This endpoint does not return a response body. A successful revocation returns status code 200.

Common Errors and Handling

| HTTP Status Code | Meaning | Description |
|---|---|---|
| 400 | Bad Request | Malformed token_id in path or body |
| 401 | Unauthorized | Missing/expired bearer token or token lacks iam.oauth.tokens.delete scope |
| 403 | Forbidden | Authenticated caller cannot revoke this token |
| 404 | Not Found | token_id does not exist or was already revoked |
| 409 | Conflict | Token is already revoked or in a non-revocable state |
| 500 | Server Error | Unexpected error; retry or contact support |

Best Practices

  • Always send the token_id in both the path parameter and the body to avoid mismatches.
  • Treat 200 OK as confirmation of success.
  • In case of security incidents, combine this with List Tokens to identify and revoke other active tokens quickly.
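
The status handling and best practices above, as an added client sketch (not code from this documentation). It assumes the body is a flat JSON object with a token_id key and that Accept-Language takes a value such as "en"; the function names, retry count and outcome strings are illustrative.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://bre-b-sandbox.api.visionamos.passportfintech.com/v1/iam/oauth/tokens/"

def build_revoke_request(token_id, bearer):
    """Build the DELETE call with token_id in both the path and the body."""
    if not token_id:
        raise ValueError("token_id is required")
    body = json.dumps({"token_id": token_id}).encode()  # assumed body shape
    return urllib.request.Request(
        BASE + urllib.parse.quote(token_id, safe=""),
        data=body,
        method="DELETE",
        headers={
            "Authorization": "Bearer " + bearer,
            "Content-Type": "application/json",
            "Accept-Language": "en",  # assumed value
        },
    )

def http_send(req):
    """Send the request and return only the HTTP status code."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def revoke(token_id, bearer, send=http_send, attempts=3, delay=1.0):
    """Return 'revoked' or 'needs_verification'; raise if the token may still be live."""
    status = None
    for attempt in range(attempts):
        status = send(build_revoke_request(token_id, bearer))
        if status == 200:
            return "revoked"
        if status in (404, 409):
            # Ambiguous per the error table: confirm the state with List Tokens.
            return "needs_verification"
        if status != 500:
            break  # 400/401/403: retrying the same call will not help
        if attempt + 1 < attempts:
            time.sleep(delay * (attempt + 1))  # simple linear backoff on 500
    raise RuntimeError(f"revocation not confirmed, HTTP {status}")
```

The error message carries only the status code, so the bearer token never reaches logs or exception traces.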