Revoke access token

post
https://api.box.com
/oauth2/revoke

Revoke an active Access Token, effectively logging a user out that has been previously authenticated.

Request

application/x-www-form-urlencoded

Request Body

stringin bodyoptional
"ly1nj6n11vionaie65emwzk575hnnmrk"

The Client ID of the application requesting to revoke the access token.

stringin bodyoptional
"hOzsTeFlT6ko0dme22uGbQal04SBPYc1"

The client secret of the application requesting to revoke an access token.

string / tokenin bodyoptional
"n22JPxrh18m4Y0wIZPIqYZK7VRrsMTWW"

The access token to revoke.

Response

none

Returns an empty response when the token was successfully revoked.

application/jsonOAuth 2.0 error

An authentication error.

application/jsonOAuth 2.0 error

An authentication error.

post
Revoke access token
You can now try out some of our APIs live, right here in the documentation.
Log in

Request Example

cURL
curl -i -X POST "https://api.box.com/oauth2/revoke" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "token=[ACCESS_TOKEN]"
Python
oauth.revoke()
Node
client.revokeTokens("<TOKEN>")
	.then(() => {
		// the client's access token have been revoked
	});
TypeScript (Beta)
await auth.revokeTokens();
// client's tokens have been revoked
Python (Beta)
client.auth.revoke_token()