/revokeToken: Revoke Token

URL:
https://[root]/oauth2/revokeToken
Methods:
POST

Example usage

URL for Revoke Token

Use dark colors for code blocksCopy
1
https://www.arcgis.com/sharing/rest/oauth2/revokeToken

Description

The Revoke Token operation (POST only, HTTPS only) invalidates OAuth2 access or refresh token. Applications can use this endpoint when a user signs out of the app so that no abandoned tokens are left valid.

An access token is issued from implicit grant and a refresh token can be revoked with this operation. When a refresh token is revoked, all access tokens generated from the refresh token will also be revoked. Revoking an app access token and tokens generated from generate token are not supported with this operation. A success response will be returned revoking either an invalid, expired token or of an unsupported type to prevent leaking information about the passed-in token.

Request parameters

ParameterDetails

[Common Parameters]

For a complete listing, see common parameters.

auth_token

The access token or refresh token to revoke.

token_type_hint

(Optional) Specify the type of token passed in for auth_token.

Supported values: access_token | refresh_token

client_id

The ID of the registered application that was used to generate the token to be revoked. An application can only revoke its own tokens; if the client id does not match the one from which the token was generated, the token will not be revoked.

Example:

Use dark colors for code blocksCopy
1
client_id=GGjeDjEY6kKEiDmX

Response properties

PropertyDetails

success

Indicates whether the operation was successful.

JSON Response syntax

Use dark colors for code blocksCopy
1
{"success": true}

JSON Response example

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
{"success": true}

or

{"error": {
 "code": 400,
 "message": "Invalid client_id",
 "details": []
}}

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.