Revoke a Token

After you have completed authorization using one of the OAuth2 flows, you can use the /oauth2/revoke endpoint to invalidate the access token or refresh token returned from the authorization endpoint (e.g. to prevent further access using that token).

Set the Content-type in the request to application/x-www-form-urlencoded and pass the access token via the token body parameter:

Also, pass either client_id and client_secret as body parameters or add an Authorization Header of type Basic.

POST https://mytenant.idaptive.app/oauth2/revoke/myapplication HTTP/1.1
Authorization: Basic amFtZ...
Content-Type: application/x-www-form-urlencoded


token=eyJhbGsdaefwsd...
client_id=xxxxxx
client_secret=xxxxx

The response indicates 200 OK if the token was successfully revoked.

HTTP/1.1 200 OK

Try the API in Postman:
Run in PostmanRun in Postman