Revoke an access token
POST /v2/oauth/token/revoke
Revokes an access token issued by an OAuth application. In the request body, include the token you want revoked, along with the client_id and client_secret of the application that issued it.
If you clone the application that issued the token, then the clone's credentials can’t be used to revoke it. To revoke the token, you must pass the credentials of the application that issued it.
Warning
To reduce the risk of your client credentials being compromised, always send them in the request body. If you pass your credentials as query parameters, Instacart returns an error with a 403 status code.
Security
None.
Parameters
None.Request
| Field | Type | Required | Description |
|---|---|---|---|
client_id | string |  | The client ID. |
client_secret | string | | The client secret. |
token | string | | The token to revoke. |
Request examples
- cURL
- Java
- Python
- Go
curl --request POST \
--url https://connect.instacart.com/v2/oauth/token/revoke \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
"client_id": "string",
"client_secret": "string",
"token": "string"
}'
HttpResponse<String> response = Unirest.post("https://connect.instacart.com/v2/oauth/token/revoke")
.header("Accept", "application/json")
.header("Content-Type", "application/json")
.body("{\n \"client_id\": \"string\",\n \"client_secret\": \"string\",\n \"token\": \"string\"\n}")
.asString();
import http.client
conn = http.client.HTTPSConnection("connect.instacart.com")
payload = "{\n \"client_id\": \"string\",\n \"client_secret\": \"string\",\n \"token\": \"string\"\n}"
headers = {
'Accept': "application/json",
'Content-Type': "application/json"
}
conn.request("POST", "/v2/oauth/token/revoke", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://connect.instacart.com/v2/oauth/token/revoke"
payload := strings.NewReader("{\n \"client_id\": \"string\",\n \"client_secret\": \"string\",\n \"token\": \"string\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Accept", "application/json")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
Response
None.Response examples
200 Success
200Revokes access token
{
// Empty
}
Authentication Errors
| HTTP Code | Cause | Error | Description |
|---|---|---|---|
403 | Unauthorized client | "unauthorized_client" | "You are not authorized to revoke this token" |
403 | Query Params Forbidden | "query_params_forbidden" | "Providing OAuth credentials as query parameters may cause them to be compromised. Please reach out to Instacart's security team and have the credentials rotated." |