
Revoke OAuth2 Access Token by End User or App ID

Resource Summary

Category: OAuth 2.0 Access Token
Operation: revokeOAuth2AccessTokenbyEndUserIDorAppID
Method: POST


Revokes the OAuth2 access tokens associated with an App End User ID, a Developer App ID, or both.

This API requires the orgadmin or opsadmin role.

If you use this API to revoke an access token, the associated refresh token is also revoked.

Revoke by Developer App ID

Note that all OAuth2 access tokens generated by Edge include the ID of the developer app associated with the token, so you can always revoke tokens based on that ID using this API. To get a list of Developer App IDs for a specific developer, use the List Developer Apps API. To find tokens based on Developer App ID, see Get OAuth2 Access Token by End User or App ID.

Revoke by App End User ID

In some cases, you may wish to revoke tokens associated with the ID of the user to whom they were issued (the actual user of the client app). This ID has to be present in the token. Adding an End User ID to an access token requires some preliminary setup in the OAuthV2 policy that generates the token. For details, see Enable retrieval and revocation of OAuth 2.0 access tokens by end user ID, app id, or both. You can use another API to search for tokens based on End User ID; see Get OAuth2 Access Token by End User or App ID.

For example, you may wish to provide a way for users to revoke their own access tokens.

Resource URL

https://api.enterprise.apigee.com/v1/organizations/{org_name}/oauth2/revoke

Query Parameters

enduser (optional): Use to revoke OAuth2 access tokens associated with a specific app end user's ID. The user's ID must be present in the token itself, as explained above. This value is not required, but you must query by either End User ID or Developer App ID.

app (optional): Use to revoke OAuth2 access tokens associated with a Developer App ID. This value is not required, but you must query by either End User ID or Developer App ID.

Request Body

org_name (required): the organization name, substituted for {org_name} in the resource URL.


Response Payload Elements

When your API request has been successfully sent, the HTTP status code will be "202 Accepted" and the response will display the number of OAuth 2.0 tokens that were submitted for revocation.

The "202 Accepted" status does not mean that the revocation has been completed. For example, you may do a GET for access tokens after performing a revoke and still see an OAuth 2.0 access token that should have been revoked. This may just mean that the revocation process is still in progress. The processing time depends on the number of access tokens being revoked.

Response content type: application/xml
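A small client helper, added here as an example and not part of the Apigee documentation or product: it builds the revoke request while enforcing the "enduser and/or app" rule from the query parameters above, classifies the 202 and 400 responses described on this page, and, because 202 only means the revocation was queued, polls a caller-supplied check until no matching live tokens remain. The organization name, credentials and the count-of-live-tokens function are assumed placeholders supplied by the caller.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

BASE_URL = "https://api.enterprise.apigee.com/v1"
VALIDATION_FAILED = "keymanagement.service.access_token_app_enduser_validation_failed"


def build_revoke_request(org_name, enduser=None, app=None, basic_auth=None):
    """Build POST .../organizations/{org_name}/oauth2/revoke.

    At least one of enduser / app is required by the API, so refuse to build
    a request that names neither. basic_auth is an assumed caller-supplied
    base64("user:password") string for an orgadmin/opsadmin account.
    """
    if not enduser and not app:
        raise ValueError("supply enduser, app, or both")
    params = {}
    if enduser:
        params["enduser"] = enduser
    if app:
        params["app"] = app
    url = f"{BASE_URL}/organizations/{org_name}/oauth2/revoke?{urlencode(params)}"
    req = Request(url, method="POST")
    if basic_auth:
        req.add_header("Authorization", f"Basic {basic_auth}")
    return req


def interpret_revoke_response(status, body):
    """Classify the response: 202 means queued, not completed."""
    if status == 202:
        return "accepted"  # body reports how many tokens were submitted
    if status == 400:
        try:
            data = json.loads(body)
        except ValueError:
            data = None
        code = data.get("code") if isinstance(data, dict) else None
        if code == VALIDATION_FAILED:
            return "validation_failed"
        return "bad_request"  # e.g. UnsupportedOperation when not enabled
    return "unexpected"


def wait_until_revoked(count_live_tokens, attempts=5, delay=1.0):
    """Poll a caller-supplied function (e.g. a search by enduser/app that
    returns the number of still-live tokens) until it reports zero."""
    for _ in range(attempts):
        if count_live_tokens() == 0:
            return True
        time.sleep(delay)
    return False
```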

Response Error Details

HTTP Code: 400
Error Code: { "code" : "keymanagement.service.access_token_app_enduser_validation_failed", "message" : "App, end user access token validation failed", "contexts" : [ ] }

HTTP Code: 400
Description: If this feature isn't enabled, as described in this topic, you'll get an UnsupportedOperation error.
