POST oauth/invalidate_token

Allows a registered application to revoke an issued OAuth access_token by presenting its client credentials. Once an access_token has been invalidated, new creation attempts will yield a different Access Token and usage of the invalidated token will no longer be allowed.

Resource URL

Resource Information

Response formats JSON
Requires authentication? Yes
Rate limited? Yes


Name Required Description
access_token required The access_token of user to be invalidated
access_token_secret required The access_token_secret of user to be invalidated

Example request:

    curl --request POST 
      --url '' 
      --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY",
     oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE",
     oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP",
     oauth_token="ACCESS_TOKEN", oauth_version="1.0"'

Example response:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 127


Example error response after token has been invalidated:

    HTTP/1.1 401 Authorization Required

    {"errors": [{
      "code": 89,
      "message": "Invalid or expired token."}