Revoke Access Token

Overview

Revokes (invalidates) an OAuth access token by its token_id. Use this to immediately block a compromised or no-longer-needed token.

Endpoint Details

| Definition | Description |
| --- | --- |
| Endpoint | https://api.paas-sandbox.co.passportfintech.com/v1/iam/oauth/tokens/:token_id |
| Method | DELETE |
| Headers | Accept-Language, Content-Length, Content-Type: application/json, Authorization |
| Authentication | Access Token (Bearer Token) |

Request Body

| Field | Type | Description |
| --- | --- | --- |
| token_id | String | Unique identifier of the access token. |

Example Request

Response

This endpoint does not return any response body. A successful revocation will show a status code of 200.

Common Errors and Handling

| HTTP Status Code | Meaning | Description |
| --- | --- | --- |
| 400 | Bad Request | Malformed token_id in path or body |
| 401 | Unauthorized | Missing/expired bearer token or token lacks iam.oauth.tokens.delete scope |
| 403 | Forbidden | Authenticated caller cannot revoke this token |
| 404 | Not Found | token_id does not exist or was already revoked |
| 409 | Conflict | Token is already revoked or in a non-revocable state |
| 500 | Server Error | Unexpected error; retry or contact support |

Best Practices

  • Always send the token_id in both the path parameter and the request body to avoid mismatches.
  • Treat 200 OK as confirmation of success.
  • In case of security incidents, combine this with List Tokens to identify and revoke other active tokens quickly.
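
The revocation call and the status handling from the tables above, as an added example that is not code from the API provider. The JSON body shape `{"token_id": ...}` is inferred from the Request Body table, and the function names, action labels and timeout are this example's own assumptions.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Sandbox base URL from the Endpoint Details table.
BASE_URL = "https://api.paas-sandbox.co.passportfintech.com/v1/iam/oauth/tokens/"

# Next step per status code, following the Common Errors table.
# The action labels are this example's own, not values the API returns.
ACTIONS = {
    200: "revoked",
    400: "fix_request",
    401: "fix_caller_credentials",
    403: "use_authorized_caller",
    404: "verify_with_list_tokens",
    409: "verify_with_list_tokens",
    500: "retry",
}


def build_revoke_request(token_id, bearer_token):
    """Build the DELETE request with token_id in both the path and the body."""
    if not isinstance(token_id, str) or not token_id:
        raise ValueError("token_id must be a non-empty string")
    # Percent-encode so a malformed id cannot change the request path.
    url = BASE_URL + urllib.parse.quote(token_id, safe="")
    # Assumed body shape: a JSON object with the single token_id field.
    body = json.dumps({"token_id": token_id}).encode("utf-8")
    headers = {"Authorization": "Bearer " + bearer_token,
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="DELETE")


def classify_status(status):
    """Map an HTTP status code to the caller's next step."""
    return ACTIONS.get(status, "unexpected_status")


def revoke_token(token_id, bearer_token, timeout=10):
    """Send the revocation and return (status, action). Performs network I/O."""
    request = build_revoke_request(token_id, bearer_token)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            status = response.status
    except urllib.error.HTTPError as err:
        status = err.code  # urllib raises on 4xx/5xx; keep the code
    return status, classify_status(status)
```

Because 404 and 409 can both mean the token was already revoked, the example routes them to a List Tokens check instead of reporting a hard failure.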