Skip to main contentIBM Video Streaming Developers

Token revocation


In some cases, a user may want to revoke access given to an application. Programmatic revocation is important in instances where a user logs out, changes identity, unsubscribes, or uninstalls the application.

Token revocation endpoint
Supported HTTP methodPOST


tokenstringREQUIREDThe token that the client wants to get revoked. Can be access token or refresh token.
client_idstringREQUIRED40-character long string that identifies the client the token belongs to.

In addition to the parameters above, the client must provide its client secret (provided along with the client key) to authenticate itself. The authentication is done with HTTP Basic authorization method.

Sample HTTP header:

Authorization: Basic bc345abc45d6789abcdef0123aef0126789def01

For example, a client may request the revocation of a token with the following request:

POST /oauth2/token/revoke HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: Basic bc345abc45d6789abcdef0123aef0126789def01

Revocation Response

The authorization server responds with HTTP status code 200 if the token has been revoked successfully or if the client submitted an invalid token. The content of the response body can be ignored by the client as all necessary information is conveyed in the response code.