Revoke tokens

DELETE https://api.mollie.com/oauth2/tokens

Revoke an access token or refresh token. Once revoked, the token can no longer be used.

Revoking a refresh token revokes all access tokens that were created using the same authorization.

This endpoint can only be accessed using OAuth client credentials.

Headers

Authorization string

The OAuth client ID and client secret as basic access credentials.

Pseudo code:

"Basic " + toBase64(client_id + ":" + client_secret)

For example:

Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Hints:

  • The client credentials can be included either in this Authorization header or in the body parameters.
  • This header is required if you do not send the client_id and client_secret in the body parameters.

Body parameters

token_type_hint string (required)

The type of token you want to revoke.

Possible values: access_token, refresh_token

token string (required)

The token you want to revoke.

client_id string | null

The client ID you received when you registered your OAuth app. The ID starts with app_.
For example: app_j9Pakf56Ajta6Y65AkdTtAv.
There is no need to send it if you include the client credentials in the Authorization header.

client_secret string | null

The client secret you received when you registered your OAuth app.
There is no need to send it if you include the client credentials in the Authorization header.

Response [204]

204 No Content

Response [400]

400 Bad Request

error string

The error code.
For example: invalid_request.

error_description string

A detailed description of the error.
For example: You need to provide the 'token' field.

Example response

{
  "error": "invalid_grant",
  "error_description": "Authorization code doesn't exist or is invalid for the client"
}
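
The request and both documented responses, as an added example that is not part of Mollie's documentation. It sends the client credentials in the Authorization header, so the secret stays out of the request body, and only `revoke` touches the network. The function names are hypothetical, and the form-encoded body is an assumption, since this page does not state the body encoding.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

REVOKE_URL = "https://api.mollie.com/oauth2/tokens"
TOKEN_TYPES = ("access_token", "refresh_token")


def basic_credentials(client_id, client_secret):
    """Authorization header value, following the pseudo code above."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_revoke_request(token, token_type_hint, client_id, client_secret):
    """Build (but do not send) the DELETE request that revokes one token."""
    if token_type_hint not in TOKEN_TYPES:
        raise ValueError("token_type_hint must be access_token or refresh_token")
    if not token:
        raise ValueError("token is required")  # never echo the token itself
    # Assumption: form-encoded body, as is usual for OAuth token endpoints.
    fields = {"token_type_hint": token_type_hint, "token": token}
    body = urllib.parse.urlencode(fields).encode("ascii")
    # Credentials travel in the header, so client_secret is not in the body.
    headers = {
        "Authorization": basic_credentials(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(REVOKE_URL, data=body, method="DELETE", headers=headers)


def parse_revoke_response(status, body):
    """Return (revoked, error, error_description) for a 204 or 400 response."""
    if status == 204:
        return True, None, None
    doc = json.loads(body) if body else {}
    return False, doc.get("error"), doc.get("error_description")


def revoke(token, token_type_hint, client_id, client_secret):
    """Send the request; needs network access and real client credentials."""
    req = build_revoke_request(token, token_type_hint, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_revoke_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_revoke_response(err.code, err.read())
```

When disconnecting a user, pass the refresh token with `token_type_hint="refresh_token"`: as stated above, that also revokes every access token created under the same authorization.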