Revoke Token

Endpoint

POST /oauth2/revoke

Base URL: https://api-id.avnology.net

Content-Type: application/x-www-form-urlencoded

Authentication: Client credentials (client_id + client_secret)

Revokes an access token or refresh token. After revocation, the token can no longer be used. Revoking a refresh token also invalidates all access tokens derived from it.

Request

Parameter	Type	Required	Description
`token`	string	Yes	The token to revoke
`token_type_hint`	string	No	`access_token` or `refresh_token`
`client_id`	string	Yes	Your client ID
`client_secret`	string	Yes	Your client secret

Example Request

curl -X POST https://api-id.avnology.net/oauth2/revoke \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "token=rt_a1b2c3d4e5f6g7h8..." \
  -d "token_type_hint=refresh_token" \
  -d "client_id=cli_abc123def456" \
  -d "client_secret=cs_secret_value"

Response

Success (200 OK)

Returns an empty body on success. Per RFC 7009, the endpoint always returns 200 even if the token was already revoked or invalid.

Errors

Error	HTTP	Description
`invalid_client`	401	Client authentication failed
`invalid_request`	400	Missing token parameter

Code Examples

JavaScript (fetch)

async function revokeToken(token, clientId, clientSecret) {
  await fetch('https://api-id.avnology.net/oauth2/revoke', {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ token, client_id: clientId, client_secret: clientSecret }),

Python (httpx)

import httpx

def revoke_token(token: str, client_id: str, client_secret: str) -> None:
    httpx.post("https://api-id.avnology.net/oauth2/revoke", data={
        "token": token,

Go (net/http)

func revokeToken(ctx context.Context, token, clientID, clientSecret string) error {
	data := url.

Token Endpoint -- obtain tokens
Introspect Token -- check token status
SDK: client.oauth.revokeToken(token) (TypeScript)

On this page