
How to revoke an Access Token/Refresh Token

This article explains the mechanism to revoke an access token or a refresh token.

Clients can use the following endpoint to revoke a user's access token or refresh token:

POST <instance_domain>/oauth/v2/revoke

The body of the request must be sent as application/x-www-form-urlencoded and include the following parameters:

token: <token_to_revoke>

client_id: <application_client_id>

Depending on the token endpoint authentication method, additional parameters may be needed.

Note: To verify that an access token has been revoked, you must call the introspect endpoint. Otherwise, the access token may be considered valid until it expires.
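
The revocation call followed by the introspection check from the note, as an added Python example that is not part of the original article. The introspection path, the sample token and client ID, and the local mock server are assumptions made so the flow runs offline; the client authentication a real instance may require on either call is left out.

```python
import json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode, parse_qs
from urllib.request import Request, urlopen

REVOKE_PATH = "/oauth/v2/revoke"          # from the article
INTROSPECT_PATH = "/oauth/v2/introspect"  # assumed path; confirm it for your instance

class MockIdP(BaseHTTPRequestHandler):
    """Constructed stand-in for the authorization server so the flow runs offline."""
    live = {"tok-123"}  # constructed sample token that is currently valid

    def do_POST(self):
        form = parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        token = form.get("token", [""])[0]
        if self.path == REVOKE_PATH:
            self.live.discard(token)  # revocation replies 200 with an empty body
            body = b""
        else:  # introspection reply carries the RFC 7662 "active" flag
            body = json.dumps({"active": token in self.live}).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def post_form(url, fields):
    """POST fields as application/x-www-form-urlencoded and return the raw body."""
    req = Request(url, data=urlencode(fields).encode(),
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=5) as resp:  # raises HTTPError on a non-2xx reply
        return resp.read()

def revoke_and_confirm(instance_domain, token, client_id):
    """Revoke the token, then introspect it; True only if it is reported inactive."""
    form = {"token": token, "client_id": client_id}
    post_form(instance_domain + REVOKE_PATH, form)
    reply = json.loads(post_form(instance_domain + INTROSPECT_PATH, form))
    return reply.get("active") is False

def demo():
    """Run the revoke-then-introspect flow against the local mock server."""
    server = HTTPServer(("127.0.0.1", 0), MockIdP)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return revoke_and_confirm(f"http://127.0.0.1:{server.server_port}", "tok-123", "app-client-id")
    finally:
        server.shutdown()
```

A resource server that validates access tokens locally never sees this change, which is why the confirmation step goes through introspection rather than a local check.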
