Revoke OAuth tokens

OAuth tokens can be revoked in two ways:

Users themselves can remove the tokens for the apps they've granted permission to. To revoke:

  1. Sign in at accounts.zoho.com.
  2. Click Sessions in the left menu, then scroll down to Connected Apps.
  3. To revoke token for an app, hover over the app and click Revoke Access.
  4. Click Yes, Proceed.

 

Programmatically, OAuth tokens can be revoked by making a POST request to the endpoint oauth/v2/token/revoke. Both access tokens and refresh tokens can be revoked. If an access token is generated using a refresh token and it's revoked, the corresponding refresh token also gets revoked. 
 

Query parameter

token
required
Refresh token or access token that needs to be revoked.

Response

{"status":"success"}The token is successfully revoked.
400 Bad RequestThe token passed in the request is invalid.

Endpoint

CopiedPOST 		{accounts-server-url}/oauth/v2/token/revoke

Note: The accounts-server-url is specific to the location (i.e., datacenter) where your app is registered.

Request example

Copiedhttps://accounts.zoho.com/oauth/v2/token/revoke
?token=1000.18e983526f0ca8575ea9c53b0cd5bb58.1bd83a6f2e22c3a7e1309d96ae439cc1