Latest version

Revoke access token

post

https://api.box.com

/oauth2/revoke

This endpoint is in the version 2024.0. No changes are required to continue using it. For more details, see Box API versioning.

Revoke an active Access Token, effectively logging a user out that has been previously authenticated.

Related Guides

Authentication Revoke a Token

Request

content-typeapplication/x-www-form-urlencoded

Request Body

client_id stringin bodyoptional

example"ly1nj6n11vionaie65emwzk575hnnmrk"

The Client ID of the application requesting to revoke the access token.

client_secret stringin bodyoptional

example"hOzsTeFlT6ko0dme22uGbQal04SBPYc1"

The client secret of the application requesting to revoke an access token.

token string (token)in bodyoptional

example"n22JPxrh18m4Y0wIZPIqYZK7VRrsMTWW"

The access token to revoke.

Response

200none

Returns an empty response when the token was successfully revoked.

400application/jsonOAuth 2.0 error

An authentication error.

defaultapplication/jsonOAuth 2.0 error

An authentication error.

post

Revoke access token

You can now try out some of our APIs live, right here in the documentation.

Request Example

Learn more about Box SDK versionig strategy.

curl -i -X POST "https://api.box.com/oauth2/revoke" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "token=[ACCESS_TOKEN]"

Node/TypeScript v10

await auth.revokeTokens();
// client's tokens have been revoked

client.auth.revoke_token()

await auth.RevokeTokenAsync();

try await auth.revokeToken()

auth.revokeToken();
// client's tokens have been revoked

oauth.revoke()

client.revokeTokens("<TOKEN>")
	.then(() => {
		// the client's access token have been revoked
	});