Revoke an access token

POST /v2/oauth/token/revoke

Revokes any access token. You need to include your client ID and secret and the access token in the request body.

You can only revoke access tokens using the OAuth application that generated them. During credential rotation, Connect creates a new OAuth application. The new OAuth application cannot revoke old access tokens. For more information, see credential rotation.

Best Practice

For security purposes, ensure that you send credentials only in the request body. Avoid sending credentials as query parameters because this might result in compromised credentials.

Security

None.

Parameters

None.

Request

Field	Type	Description
`client_id`	string	The client ID.
`client_secret`	string	The client secret.
`token`	string	The token to revoke.

Request examples

cURL
Java
Python
Go

curl --request POST \
  --url https://connect.instacart.com/v2/oauth/token/revoke \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "client_id": "string",
  "client_secret": "string",
  "token": "string"
}'

HttpResponse<String> response = Unirest.post("https://connect.instacart.com/v2/oauth/token/revoke")
  .header("Accept", "application/json")
  .header("Content-Type", "application/json")
  .body("{\n  \"client_id\": \"string\",\n  \"client_secret\": \"string\",\n  \"token\": \"string\"\n}")
  .asString();

import http.client

conn = http.client.HTTPSConnection("connect.instacart.com")

payload = "{\n  \"client_id\": \"string\",\n  \"client_secret\": \"string\",\n  \"token\": \"string\"\n}"

headers = {
    'Accept': "application/json",
    'Content-Type': "application/json"
    }

conn.request("POST", "/v2/oauth/token/revoke", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://connect.instacart.com/v2/oauth/token/revoke"

	payload := strings.NewReader("{\n  \"client_id\": \"string\",\n  \"client_secret\": \"string\",\n  \"token\": \"string\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Accept", "application/json")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Response

None.

Response examples

200 Success

200 Revokes access token

{
 // Empty
}

Authentication Errors

HTTP Code	Cause	Error	Description
`403`	Unauthorized client	"unauthorized_client"	"You are not authorized to revoke this token"
`403`	Query Params Forbidden	"query_params_forbidden"	"Providing OAuth credentials as query parameters may cause them to be compromised. Please reach out to Instacart's security team and have the credentials rotated."

Security​

Parameters​

Request​

Request examples​

Response​

Response examples​

200 Success

Authentication Errors

Security

Parameters

Request

Request examples

Response

Response examples