Revoke an access token
POST /v2/oauth/token/revoke
Revokes any access token. You need to include your client ID and secret and the access token in the request body.
You can only revoke access tokens using the OAuth application that generated them. During credential rotation, Connect creates a new OAuth application. The new OAuth application cannot revoke old access tokens. For more information, see credential rotation.
Best Practice
For security purposes, ensure that you send credentials only in the request body. Avoid sending credentials as query parameters because this might result in compromised credentials.
Security
None.
Parameters
None.Request
| Field | Type | Required | Description |
|---|---|---|---|
client_id | string |  | The client ID. |
client_secret | string | | The client secret. |
token | string | | The token to revoke. |
Request examples
- cURL
- Java
- Python
- Go
curl --request POST \
--url https://connect.instacart.com/v2/oauth/token/revoke \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
"client_id": "string",
"client_secret": "string",
"token": "string"
}'
HttpResponse<String> response = Unirest.post("https://connect.instacart.com/v2/oauth/token/revoke")
.header("Accept", "application/json")
.header("Content-Type", "application/json")
.body("{\n \"client_id\": \"string\",\n \"client_secret\": \"string\",\n \"token\": \"string\"\n}")
.asString();
import http.client
conn = http.client.HTTPSConnection("connect.instacart.com")
payload = "{\n \"client_id\": \"string\",\n \"client_secret\": \"string\",\n \"token\": \"string\"\n}"
headers = {
'Accept': "application/json",
'Content-Type': "application/json"
}
conn.request("POST", "/v2/oauth/token/revoke", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://connect.instacart.com/v2/oauth/token/revoke"
payload := strings.NewReader("{\n \"client_id\": \"string\",\n \"client_secret\": \"string\",\n \"token\": \"string\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Accept", "application/json")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
Response
None.Response examples
200 Success
200Revokes access token
{
// Empty
}
Authentication Errors
| HTTP Code | Cause | Error | Description |
|---|---|---|---|
403 | Unauthorized client | "unauthorized_client" | "You are not authorized to revoke this token" |
403 | Query Params Forbidden | "query_params_forbidden" | "Providing OAuth credentials as query parameters may cause them to be compromised. Please reach out to Instacart's security team and have the credentials rotated." |