Revoke Access Token

API endpoint path: /oauth2/v1/revoke

Permanently revokes an access token or refresh token, immediately preventing it from being used to access Candescent APIs.

Requests must use application/x-www-form-urlencoded encoding and include the token to be revoked in the token request field.

Use this endpoint to:

  • End a customer session when the customer signs out.
  • Immediately stop API access for a specific access token.
  • Invalidate a refresh token so the customer cannot obtain new access tokens without re-authenticating.
  • Respond to tokens that may have been exposed or compromised.

Behavior and capabilities:

  • Accepts either an access token or a refresh token in the token request parameter.
  • Revoking a refresh token also invalidates all access tokens issued from that refresh token.
  • Requests must authenticate using the application’s client ID and client secret via HTTP Basic Authentication.
  • Successful requests return an HTTP 204 - No Content status code.
  • Token revocation is permanent and cannot be undone. When access is required again, a new token must be requested from the [OAuth V2 token endpoint](/api/generated/create-access-token-v-2/).
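
The request described above, as an added example that is not part of the original documentation: it builds the form-encoded POST with HTTP Basic client authentication and treats only HTTP 204 as success. The base URL `https://api.example.invalid`, the function names and the sample credentials and token are assumptions made for illustration.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

REVOKE_PATH = "/oauth2/v1/revoke"  # endpoint path given on this page


def build_revoke_request(base_url, client_id, client_secret, token):
    """Build the POST request that revokes one access or refresh token."""
    if not base_url.lower().startswith("https://"):
        # The Basic header carries the client secret; never send it in cleartext.
        raise ValueError("revocation requests must go over HTTPS")
    if not token:
        raise ValueError("token must be non-empty")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # urlencode percent-escapes '+', '/' and '=' so the token survives form decoding.
    body = urllib.parse.urlencode({"token": token}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + REVOKE_PATH,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def revoke_token(base_url, client_id, client_secret, token, timeout=10):
    """Send the request; True only on HTTP 204, the documented success status."""
    req = build_revoke_request(base_url, client_id, client_secret, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 204
    except urllib.error.HTTPError:
        # Any error status means the token may still be live: retry or alert.
        return False


if __name__ == "__main__":
    # Constructed sample values; the host is a placeholder, so nothing is sent.
    req = build_revoke_request("https://api.example.invalid", "my-client-id",
                               "my-client-secret", "sample+refresh/token==")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

When responding to a suspected exposure, pass the refresh token to `revoke_token`: per the behavior listed above, that also invalidates every access token issued from it.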

Request

Responses

No Content