Revoke access token

post

https://api.box.com

/oauth2/revoke

Revoke an active Access Token, effectively logging a user out that has been previously authenticated.

Related Guides

Authentication Revoke a Token

Request

content-typeapplication/x-www-form-urlencoded

Request Body

client_id stringin bodyoptional

example"ly1nj6n11vionaie65emwzk575hnnmrk"

The Client ID of the application requesting to revoke the access token.

client_secret stringin bodyoptional

example"hOzsTeFlT6ko0dme22uGbQal04SBPYc1"

The client secret of the application requesting to revoke an access token.

token string (token)in bodyoptional

example"n22JPxrh18m4Y0wIZPIqYZK7VRrsMTWW"

The access token to revoke.

Response

200none

Returns an empty response when the token was successfully revoked.

400application/jsonOAuth 2.0 error

An authentication error.

defaultapplication/jsonOAuth 2.0 error

An authentication error.

post

Revoke access token

You can now try out some of our APIs live, right here in the documentation.

Request Example

curl -i -X POST "https://api.box.com/oauth2/revoke" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "token=[ACCESS_TOKEN]"

await auth.revokeTokens();
// client's tokens have been revoked

client.auth.revoke_token()

await auth.RevokeTokenAsync();

oauth.revoke()

client.revokeTokens("<TOKEN>")
	.then(() => {
		// the client's access token have been revoked
	});