Revoke Token - Stytch Docs

curl --request POST \
  --url https://${projectDomain}/v1/oauth2/revoke \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=${exampleConnectedAppClientID} \
    &client_secret=${exampleConnectedAppClientSecret} \
    &token=eyJ...'

{
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

curl --request POST \
  --url https://${projectDomain}/v1/oauth2/revoke \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=${exampleConnectedAppClientID} \
    &client_secret=${exampleConnectedAppClientSecret} \
    &token=eyJ...'

{
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

curl --request POST \
  --url https://${projectDomain}/v1/oauth2/revoke \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=${exampleConnectedAppClientID} \
    &client_secret=${exampleConnectedAppClientSecret} \
    &token=eyJ...'

{
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

POST

https://${projectdomain}

oauth2

revoke

curl --request POST \
  --url https://${projectDomain}/v1/oauth2/revoke \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=${exampleConnectedAppClientID} \
    &client_secret=${exampleConnectedAppClientSecret} \
    &token=eyJ...'

{
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}

Revoke a token for the given Connected Apps client. This endpoint uses your Custom Domain. This endpoint supports both access tokens and refresh tokens. If the token is a refresh token, the corresponding access token issued at the same time will also be revoked. This endpoint is an RFC-7009 compliant token revocation endpoint.

This endpoint supports passing the client_id and client_secret within the request body as well as within a HTTP-Basic Auth header.
This endpoint supports the application/x-www-form-urlencoded content type.

We recommend using the Custom Domain whenever possible. For backwards compatibility reasons, this endpoint is also available at https://test.stytch.com/v1/public/${projectId}/oauth2/revoke.

Body

token

string

required

The token to introspect.

token_type_hint

string

A hint for the type of the token. Possible values are access_token and refresh_token.

client_id

string

required

The ID of the Connected App client.

client_secret

string

The secret of the Connected App client. Required for confidential clients

Response

request_id

string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code

number

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

⌘I

​Body

​Response

Body

Response