Overview

In some cases, a user may want to revoke access given to an application. Programmatic revocation is important in instances where a user logs out, changes identity, unsubscribes, or uninstalls the application.

Token revocation endpoint


Location	https://video.ibm.com/oauth2/token/revoke
Supported HTTP method	POST

Parameters

PARAMETER	TYPE	IMPORTANCE	DESCRIPTION
`token`	string	REQUIRED	The token that the client wants to get revoked. Can be access token or refresh token.
`client_id`	string	REQUIRED	40-character long string that identifies the client the token belongs to.

In addition to the parameters above, the client must provide its client secret (provided along with the client key) to authenticate itself. The authentication is done with HTTP Basic authorization method.

Sample HTTP header:

Authorization: Basic bc345abc45d6789abcdef0123aef0126789def01
Copy to clipboard

For example, a client may request the revocation of a token with the following request:

POST /oauth2/token/revoke HTTP/1.1
Host: video.ibm.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic bc345abc45d6789abcdef0123aef0126789def01

token=5fb2a4aba6157825929b78c56e623613f20033ff&client_id=50aefe42c68cf63b488fc6630b7f0b3b7ae00e8e
Copy to clipboard

Revocation Response

The authorization server responds with HTTP status code 200 if the token has been revoked successfully or if the client submitted an invalid token. The content of the response body can be ignored by the client as all necessary information is conveyed in the response code.

Edit this page on GitHub

Native app support

Rate limits