POST oauth/invalidate_token

Allows a registered application to revoke an issued OAuth access_token by presenting its client credentials. Once an access_token has been invalidated, new creation attempts will yield a different Access Token and usage of the invalidated token will no longer be allowed.

Resource URL

https://api.x.com/oauth/invalidate_token

Resource Information

Response formats JSON
Requires authentication? Yes
Rate limited? Yes

Parameters

Name Required Description
access_token required The access_token of user to be invalidated
access_token_secret required The access_token_secret of user to be invalidated

Example request:

    curl --request POST 
      --url 'https://api.x.com/1.1/oauth/invalidate_token.json?access_token=ACCESS_TOKEN&access_token_secret=ACCESS_TOKEN_SECRET' 
      --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY",
     oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE",
     oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP",
     oauth_token="ACCESS_TOKEN", oauth_version="1.0"'

Example response:

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 127
    ...

    {"access_token":"ACCESS_TOKEN"}

Example error response after token has been invalidated:

    HTTP/1.1 401 Authorization Required
    ...

    {"errors": [{
      "code": 89,
      "message": "Invalid or expired token."}
    ]}