Revoke an OAuth token (access or refresh)

POST 
/oauth/revoke

• Revokes the specified OAuth token (must be done separately for access token and refresh token)
• Providers must validate that the revocation is initiated by the legitimate client
• Providers can deploy this endpoint under a separate base path (e.g., without a version number). SIX forwards the requests accordingly.

Request

Responses

200

OAuth token revocation success

Response Headers

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

X-CorAPI-Source

Indicates whether the response was created by the bLink platform or by the provider.

Cache-Control

must include: no-store

Pragma

must be: no-cache

400

Bad Request - The format of the request was invalid.

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

401

Unauthorized - Client authentication failed.

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

403

Forbidden - Access to endpoint denied.

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

406

Not Acceptable

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

415

Unsupported Media Type

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

500

Internal Server Error

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

502

Bad Gateway

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

504

Gateway Timeout - The service provider did not answer in the required time.

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server