Revoke an access token

POST /v2/oauth/token/revoke

Revokes an access token issued by an OAuth application. In the request body, include the token you want revoked, along with the client_id and client_secret of the application that issued it.

If you clone the application that issued the token, then the clone's credentials can’t be used to revoke it. To revoke the token, you must pass the credentials of the application that issued it.

warning

To reduce the risk of your client credentials being compromised, always send them in the request body. If you pass your credentials as query parameters, Instacart returns an error with a 403 status code.

Security

None.

Parameters

None.

Request

Field	Type	Description
`client_id`	string	The client ID.
`client_secret`	string	The client secret.
`token`	string	The token to revoke.

Request examples

cURL
Java
Python
Go

curl --request POST \
  --url https://connect.instacart.com/v2/oauth/token/revoke \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "client_id": "string",
  "client_secret": "string",
  "token": "string"
}'

HttpResponse<String> response = Unirest.post("https://connect.instacart.com/v2/oauth/token/revoke")
  .header("Accept", "application/json")
  .header("Content-Type", "application/json")
  .body("{\n  \"client_id\": \"string\",\n  \"client_secret\": \"string\",\n  \"token\": \"string\"\n}")
  .asString();

import http.client

conn = http.client.HTTPSConnection("connect.instacart.com")

payload = "{\n  \"client_id\": \"string\",\n  \"client_secret\": \"string\",\n  \"token\": \"string\"\n}"

headers = {
    'Accept': "application/json",
    'Content-Type': "application/json"
}

conn.request("POST", "/v2/oauth/token/revoke", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://connect.instacart.com/v2/oauth/token/revoke"

	payload := strings.NewReader("{\n  \"client_id\": \"string\",\n  \"client_secret\": \"string\",\n  \"token\": \"string\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Accept", "application/json")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Response

None.

Response examples

200 Success

200 Revokes access token

{
 // Empty
}

Authentication Errors

HTTP Code	Cause	Error	Description
`403`	Unauthorized client	"unauthorized_client"	"You are not authorized to revoke this token"
`403`	Query Params Forbidden	"query_params_forbidden"	"Providing OAuth credentials as query parameters may cause them to be compromised. Please ensure the credentials are rotated."

Security​

Parameters​

Request​

Request examples​

Response​

Response examples​

200 Success

Authentication Errors

Security

Parameters

Request

Request examples

Response

Response examples