Revoke an access token

Revoke an auth token.

Allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed.

POST

/oauth2/revoke

cURL TypeScript PHP Java Python Ruby .NET

curl -X POST "https://api.moov.io/oauth2/revoke" \
  -H "Authorization: Bearer {token}" \
  -H "X-Moov-Version: v2026.04.00" \
  -d '{
  "token": "string"
}'

import { Moov } from "@moovio/sdk";

const moov = new Moov({
  security: {
    username: "",
    password: "",
  },
});

async function run() {
  const result = await moov.authentication.revokeAccessToken({
    token: "<value>",
    clientId: "5clTR_MdVrrkgxw2",
    clientSecret: "dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-",
  });

  console.log(result);
}

run();

declare(strict_types=1);

require 'vendor/autoload.php';

use Moov\MoovPhp;
use Moov\MoovPhp\Models\Components;

$sdk = MoovPhp\Moov::builder()
    ->setSecurity(
        new Components\Security(
            username: '',
            password: '',
        )
    )
    ->build();

$request = new Components\RevokeTokenRequest(
    token: '<value>',
    clientId: '5clTR_MdVrrkgxw2',
    clientSecret: 'dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-',
);

$response = $sdk->authentication->revokeToken(
    request: $request
);

if ($response->statusCode === 200) {
    // handle response
}

package hello.world;

import io.moov.sdk.Moov;
import io.moov.sdk.models.components.RevokeTokenRequest;
import io.moov.sdk.models.components.Security;
import io.moov.sdk.models.errors.GenericError;
import io.moov.sdk.models.errors.RevokeTokenRequestError;
import io.moov.sdk.models.operations.RevokeAccessTokenResponse;
import java.lang.Exception;

public class Application {

    public static void main(String[] args) throws GenericError, RevokeTokenRequestError, Exception {

        Moov sdk = Moov.builder()
                .security(Security.builder()
                    .username("")
                    .password("")
                    .build())
            .build();

        RevokeTokenRequest req = RevokeTokenRequest.builder()
                .token("<value>")
                .clientId("5clTR_MdVrrkgxw2")
                .clientSecret("dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-")
                .build();

        RevokeAccessTokenResponse res = sdk.authentication().revokeAccessToken()
                .request(req)
                .call();

        // handle response
    }
}

from moovio_sdk import Moov
from moovio_sdk.models import components


with Moov(
    security=components.Security(
        username="",
        password="",
    ),
) as moov:

    res = moov.authentication.revoke_access_token(token="<value>", client_id="5clTR_MdVrrkgxw2", client_secret="dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-")

    # Handle response
    print(res)

require 'moov_ruby'

Models = ::Moov::Models
s = ::Moov::Client.new(
  security: Models::Components::Security.new(
    username: '',
    password: ''
  )
)

req = Models::Components::RevokeTokenRequest.new(
  token: '<value>',
  client_id: '5clTR_MdVrrkgxw2',
  client_secret: 'dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-'
)
res = s.authentication.revoke_access_token(request: req)

if res.status_code == 200
  # handle response
end

using Moov.Sdk;
using Moov.Sdk.Models.Components;

var sdk = new MoovClient(security: new Security() {
    Username = "",
    Password = "",
});

RevokeTokenRequest req = new RevokeTokenRequest() {
    Token = "<value>",
    ClientId = "5clTR_MdVrrkgxw2",
    ClientSecret = "dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-",
};

var res = await sdk.Authentication.RevokeAccessTokenAsync(req);

// handle response

204 400 422 429 500 504

The request completed successfully, but there is no content to return.

x-request-id


      
      string

required

A unique identifier used to trace requests.

The server could not understand the request due to invalid syntax.

application/json

{
  "error": "string"
}

x-request-id


      
      string

required

A unique identifier used to trace requests.

The request was well-formed, but the contents failed validation. Check the request for missing or invalid fields.

application/json

{
  "token": "string",
  "token_type_hint": "string"
}

x-request-id


      
      string

required

A unique identifier used to trace requests.

Request was refused due to rate limiting.

x-request-id


      
      string

required

A unique identifier used to trace requests.

The request failed due to an unexpected error.

x-request-id


      
      string

required

A unique identifier used to trace requests.

The request failed because a downstream service failed to respond.

x-request-id


      
      string

required

A unique identifier used to trace requests.

Headers

X-Moov-Version


      
      string

Set this header to v2026.04.00 to use the API described in this specification. When omitted, the server defaults to v2024.01.00, which may not match the behavior documented here.

Possible values: v2026.04.00

Body

application/json

token

string

required

The access or refresh token to revoke.

client_id

string

Client ID can be provided here in the body, or as the Username in HTTP Basic Auth.

client_secret

string

Client secret can be provided here in the body, or as the Password in HTTP Basic Auth.

token_type_hint

string<enum>

The type of token being revoked.

Possible values: access_token, refresh_token

cURL TypeScript PHP Java Python Ruby .NET

curl -X POST "https://api.moov.io/oauth2/revoke" \
  -H "Authorization: Bearer {token}" \
  -H "X-Moov-Version: v2026.04.00" \
  -d '{
  "token": "string"
}'

import { Moov } from "@moovio/sdk";

const moov = new Moov({
  security: {
    username: "",
    password: "",
  },
});

async function run() {
  const result = await moov.authentication.revokeAccessToken({
    token: "<value>",
    clientId: "5clTR_MdVrrkgxw2",
    clientSecret: "dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-",
  });

  console.log(result);
}

run();

declare(strict_types=1);

require 'vendor/autoload.php';

use Moov\MoovPhp;
use Moov\MoovPhp\Models\Components;

$sdk = MoovPhp\Moov::builder()
    ->setSecurity(
        new Components\Security(
            username: '',
            password: '',
        )
    )
    ->build();

$request = new Components\RevokeTokenRequest(
    token: '<value>',
    clientId: '5clTR_MdVrrkgxw2',
    clientSecret: 'dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-',
);

$response = $sdk->authentication->revokeToken(
    request: $request
);

if ($response->statusCode === 200) {
    // handle response
}

package hello.world;

import io.moov.sdk.Moov;
import io.moov.sdk.models.components.RevokeTokenRequest;
import io.moov.sdk.models.components.Security;
import io.moov.sdk.models.errors.GenericError;
import io.moov.sdk.models.errors.RevokeTokenRequestError;
import io.moov.sdk.models.operations.RevokeAccessTokenResponse;
import java.lang.Exception;

public class Application {

    public static void main(String[] args) throws GenericError, RevokeTokenRequestError, Exception {

        Moov sdk = Moov.builder()
                .security(Security.builder()
                    .username("")
                    .password("")
                    .build())
            .build();

        RevokeTokenRequest req = RevokeTokenRequest.builder()
                .token("<value>")
                .clientId("5clTR_MdVrrkgxw2")
                .clientSecret("dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-")
                .build();

        RevokeAccessTokenResponse res = sdk.authentication().revokeAccessToken()
                .request(req)
                .call();

        // handle response
    }
}

from moovio_sdk import Moov
from moovio_sdk.models import components


with Moov(
    security=components.Security(
        username="",
        password="",
    ),
) as moov:

    res = moov.authentication.revoke_access_token(token="<value>", client_id="5clTR_MdVrrkgxw2", client_secret="dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-")

    # Handle response
    print(res)

require 'moov_ruby'

Models = ::Moov::Models
s = ::Moov::Client.new(
  security: Models::Components::Security.new(
    username: '',
    password: ''
  )
)

req = Models::Components::RevokeTokenRequest.new(
  token: '<value>',
  client_id: '5clTR_MdVrrkgxw2',
  client_secret: 'dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-'
)
res = s.authentication.revoke_access_token(request: req)

if res.status_code == 200
  # handle response
end

using Moov.Sdk;
using Moov.Sdk.Models.Components;

var sdk = new MoovClient(security: new Security() {
    Username = "",
    Password = "",
});

RevokeTokenRequest req = new RevokeTokenRequest() {
    Token = "<value>",
    ClientId = "5clTR_MdVrrkgxw2",
    ClientSecret = "dNC-hg7sVm22jc3g_Eogtyu0_1Mqh_4-",
};

var res = await sdk.Authentication.RevokeAccessTokenAsync(req);

// handle response

204 400 422 429 500 504

The request completed successfully, but there is no content to return.

x-request-id


      
      string

required

A unique identifier used to trace requests.

The server could not understand the request due to invalid syntax.

application/json

{
  "error": "string"
}

x-request-id


      
      string

required

A unique identifier used to trace requests.

The request was well-formed, but the contents failed validation. Check the request for missing or invalid fields.

application/json

{
  "token": "string",
  "token_type_hint": "string"
}

x-request-id


      
      string

required

A unique identifier used to trace requests.

Request was refused due to rate limiting.

x-request-id


      
      string

required

A unique identifier used to trace requests.

The request failed due to an unexpected error.

x-request-id


      
      string

required

A unique identifier used to trace requests.

The request failed because a downstream service failed to respond.

x-request-id


      
      string

required

A unique identifier used to trace requests.

Revoke an access token

Response headers

x-request-id

Response headers

x-request-id

Response headers

x-request-id

Response headers

x-request-id

Response headers

x-request-id

Response headers

x-request-id

Headers

X-Moov-Version

Body

token

client_id

client_secret

token_type_hint

Was this helpful?