Revoke access token - Box Dev Docs

cURL

curl -i -X POST "https://api.box.com/oauth2/revoke" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "token=[ACCESS_TOKEN]"

{
  "error": "invalid_client",
  "error_description": "The client credentials are not valid"
}

POST

oauth2

revoke

cURL

curl -i -X POST "https://api.box.com/oauth2/revoke" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "token=[ACCESS_TOKEN]"

{
  "error": "invalid_client",
  "error_description": "The client credentials are not valid"
}

This endpoint is in the version 2024.0. No changes are required to continue using it. For more details, see Box API versioning.Learn more about Box SDK versioning strategy.

Body

application/x-www-form-urlencoded

A request to revoke an OAuth 2.0 token.

client_id

string

The Client ID of the application requesting to revoke the access token.

Example:

"ly1nj6n11vionaie65emwzk575hnnmrk"

client_secret

string

The client secret of the application requesting to revoke an access token.

Example:

"hOzsTeFlT6ko0dme22uGbQal04SBPYc1"

token

string<token>

The access token to revoke.

Example:

"n22JPxrh18m4Y0wIZPIqYZK7VRrsMTWW"

Response

Returns an empty response when the token was successfully revoked.

Request access token

Box Sign request

⌘I