Box Developer Documentation
Log in

A beta version of the new Box developer documentation site is launching soon! Updated Developer Guides, modern API Reference, and AI-powered search are on the way to help you build with Box faster. Stay tuned for more updates.

Revoke a Token

Guides Authentication Tokens Revoke a Token
Edit this page

Required Guides

Revoke a Token

An Access Token can be revoked at any time by either sending the Access Token or Refresh Token the POST /oauth2/revoke endpoint.

cURL
curl -i -X POST "https://api.box.com/oauth2/revoke" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "token=[ACCESS_TOKEN]"
Node/TypeScript v10
await auth.revokeTokens();
// client's tokens have been revoked
Python v10
client.auth.revoke_token()
.NET v10
await auth.RevokeTokenAsync();
Swift v10
try await auth.revokeToken()
Java v10
auth.revokeToken();
// client's tokens have been revoked
Python v4
oauth.revoke()
Node v4
client.revokeTokens("<TOKEN>")
	.then(() => {
		// the client's access token have been revoked
	});

Usage in SDKs

All of the Box SDKs support manually revoking the current Access Token associated with the client. To revoke a specific token, first initialize a new SDK with that token and then call the relevant revoke method.