Token Revocation
Revoke an access token or refresh token.
Endpoint
POST /oauth/token/revoke
Headers
| Header | Required | Description |
|---|---|---|
Content-Type | Yes | application/x-www-form-urlencoded |
Form Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
token | string | Yes | The token to revoke |
token_type_hint | string | No | Hint about token type: "access_token" or "refresh_token" |
Response
Success (200)
{}
Note: Always returns 200 OK, even if token was already revoked (RFC 7009).
Error (400)
{
"error": "invalid_request",
"error_description": "Invalid token"
}
Features
- Revokes access tokens or refresh tokens
- Always returns 200 OK (RFC 7009 compliance)
- Token is immediately invalidated
- Works even if token was already revoked
Example
curl -X POST "https://api.rivergen.com/oauth/token/revoke" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "token=ACCESS_TOKEN&token_type_hint=access_token"
Related Endpoints
- Token Endpoint - Get tokens
- Authorization Endpoint - Get authorization code