Guides Authentication Access TokensRevoke a Token

Revoke a Token

GuideAccess Tokens

Revoke a Token

An Access Token can be revoked at any time by either sending the Access Token or Refresh Token the POST /oauth2/revoke endpoint.

cURL

curl -X POST https://api.box.com/oauth2/revoke \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     -d 'client_id=[CLIENT_ID]' \
     -d 'client_secret=[CLIENT_SECRET]' \
     -d 'token=[ACCESS_TOKEN]'

Python

oauth.revoke()

Node

client.revokeTokens("<TOKEN>")
	.then(() => {
		// the client's access token have been revoked
	});

Usage in SDKs

All of the Box SDKs support manually revoking the current Access Token associated with the client. To revoke a specific token, first initialize a new SDK with that token and then call the relevant revoke method.

Related APIs

postRevoke access token