Skip to main content
POST
/
tyk
/
oauth
/
revoke
revoke token
curl --request POST \
  --url https://{tenant}/tyk/oauth/revoke \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'X-Tyk-Authorization: <api-key>' \
  --data client_id=2a06b398c17f46908de3dffcb71ef87df \
  --data token=eyJvcmciOiI1ZTIwOTFjNGQ0YWVmY2U2MGMwNGZiOTIiLCJpZCI6IjIyODQ1NmFjNmJlMjRiMzI5MTIyOTdlODQ5NTc4NjJhIiwiaCI6Im11cm11cjY0In0= \
  --data org_id=6492f66e6ebbc56c6a6bf022 \
  --data token_type_hint=access_token
{
  "message": "token revoked successfully",
  "status": "ok"
}

Authorizations

X-Tyk-Authorization
string
header
required

Api key

Body

application/x-www-form-urlencoded

token revoked successfully

client_id
string
required

id of oauth client

Example:

"2a06b398c17f46908de3dffcb71ef87df"

token
string
required

token to be revoked

Example:

"eyJvcmciOiI1ZTIwOTFjNGQ0YWVmY2U2MGMwNGZiOTIiLCJpZCI6IjIyODQ1NmFjNmJlMjRiMzI5MTIyOTdlODQ5NTc4NjJhIiwiaCI6Im11cm11cjY0In0="

org_id
string
Example:

"6492f66e6ebbc56c6a6bf022"

token_type_hint
string

type of token to be revoked, if sent then the accepted values are access_token and refresh_token. String value and optional, of not provided then it will attempt to remove access and refresh tokens that matches

Example:

"access_token"

Response

token revoked

message
string
status
string