Revoke Access-Token

If you want to revoke a specific access-token (thus disabling the integration and preventing your customer from using it), you do as follows:

Key Value
Content-Type application/x-www-form-urlencoded
Authorization Basic {Base64 encode client-id:client-secret}
  • If you use for example Postman, the Bulk-edit of the headers should look like:
    Content-Type:application/x-www-form-urlencoded
    Authorization:Basic SjU5WTcySjE4Z0Q6UnVaQVQ2ZTlj
  • The value of the “Authorization”-key shall be “Basic” followed by the information you get when you Base64 encode “client-id:client-secret”. Note that you shall include “:” when you encode the information.
  • As body you use:
Key Value
token {Access-Token to revoke}
  • If you use for example Postman, the Bulk-edit of the body should look like:
    token:09d8e971-bf24-42ba-ac09-019aaa3d7297
  • If everything goes as intended, you shall get:
    200 HTTP-response
  • Body: {“revoked”:true}
  • Read more at: https://tools.ietf.org/html/rfc7009#section-2