My Apps

    Revoke a Token

    Revoke a Token

    An Access Token can be revoked at any time by either sending the Access Token or Refresh Token the POST /oauth2/revoke endpoint.

    cURL
    curl -X POST https://api.box.com/oauth2/revoke \
         -H "Content-Type: application/x-www-form-urlencoded" \
         -d '{
           "client_id": "<CLIENT_ID>",
           "client_secret": "<CLIENT_SECRET>",
           "token": "<ACCESS_TOKEN>"
         }'
    Python
    oauth.revoke()
    Node
    client.revokeTokens("<TOKEN>")
    	.then(() => {
    		// the client's access token have been revoked
    	});

    Usage in SDKs

    All of the Box SDKs support manually revoking the current Access Token associated with the client. To revoke a specific token, first initialize a new SDK with that token and then call the relevant revoke method.