Revoke access token

post

https://api.box.com

/oauth2/revoke

Revoke an active Access Token, effectively logging a user out that has been previously authenticated.

Related Guides

AuthenticationRevoke a Token

Request

Content-Typeapplication/x-www-form-urlencoded

Request Body

client_id stringin bodyoptional

examplely1nj6n11vionaie65emwzk575hnnmrk

The Client ID of the application requesting to revoke the access token.

client_secret stringin bodyoptional

examplehOzsTeFlT6ko0dme22uGbQal04SBPYc1

The client secret of the application requesting to revoke an access token.

token string / tokenin bodyoptional

examplen22JPxrh18m4Y0wIZPIqYZK7VRrsMTWW

The access token to revoke.

Response

200none

Returns an empty response when the token was successfully revoked.

400application/jsonOAuth 2.0 error

An authentication error.

defaultapplication/jsonOAuth 2.0 error

An authentication error.

post

Revoke access token

You can now try out some of our APIs live, right here in the documentation.

Request Example

curl -X POST https://api.box.com/oauth2/revoke \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     -d 'client_id=[CLIENT_ID]' \
     -d 'client_secret=[CLIENT_SECRET]' \
     -d 'token=[ACCESS_TOKEN]'

oauth.revoke()

client.revokeTokens("<TOKEN>")
	.then(() => {
		// the client's access token have been revoked
	});