POST oauth/invalidate_token
invalidate_access_token

POST oauth/invalidate_token

Allows a registered application to revoke an issued OAuth access_token by presenting its client credentials. Once an access_token has been invalidated, new creation attempts will yield a different Access Token and usage of the invalidated token will no longer be allowed.

Resource URL

https://api.x.com/1.1/oauth/invalidate_token

Resource Information

Response formats JSON
Requires authentication? Yes - User context with the access tokens that you would like to invalidate
Rate limited? Yes

Example request

    curl --request POST 
      --url 'https://api.x.com/1.1/oauth/invalidate_token.json' 
      --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY",
     oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE",
     oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP",
     oauth_token="ACCESS_TOKEN", oauth_version="1.0"'

Example response

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 127
    ...

    {"access_token":"ACCESS_TOKEN"}

Example error response after token has been invalidated

    HTTP/1.1 401 Authorization Required
    ...

    {"errors": [{
      "code": 89,
      "message": "Invalid or expired token."}
    ]}