Skip to main content
POST
/
v1
/
oauth
/
revoke
Revoke a token
curl --request POST \
  --url https://api.hq.zone/v1/oauth/revoke \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "<string>",
  "token": "<string>",
  "client_secret": "<string>",
  "token_type_hint": "<string>"
}
'

Token revocation (RFC 7009)

Revokes an access or refresh token. Send the token as a form field token (application/x-www-form-urlencoded). Per the spec it returns success even if the token was already invalid or unknown.

Body

application/json

RFC 7009. Revokes the token and its refresh family. Form or JSON. Always returns 200.

client_id
string
required
token
string
required
client_secret
string | null
token_type_hint
string | null

Response

Revoked (unknown / not-yours / already-revoked all return 200)