Skip to main content

Post a request to the token revocation endpoint to revoke a token

POST 
/token/revocation

revoke an access token

Request

Header Parameters

    x-fapi-auth-date string

    Possible values: Value must match regular expression ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$

    The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC

    x-fapi-customer-ip-address string

    The PSU's IP address if the PSU is currently logged in with the TPP.

    x-fapi-interaction-id string

    An RFC4122 UID used as a correlation id.

    x-customer-user-agent string

    Indicates the user-agent that the PSU is using.

Body

required

    token stringrequired

    The token that the client wants to get revoked.

    token_type_hint string

    Possible values: [access_token, refresh_token]

    A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. If the server is unable to locate the token using the given hint, it MUST extend its search across all of its supported token types. An authorization server MAY ignore this parameter, particularly if it is able to detect the token type automatically. This specification defines two such values:

    • access_token: An access token as defined in [RFC6749], Section 1.4

    • refresh_token: A refresh token as defined in [RFC6749], Section 1.5

Responses

No Content

Response Headers

  • x-fapi-interaction-id

    string

Loading...