DELETE https://api.mollie.com/oauth2/tokens
Revoke an access token or refresh token. Once revoked, the token can no longer be used.
Revoking a refresh token revokes all access tokens that were created using the same authorization.
This endpoint can only be accessed using OAuth client credentials.
Headers
Authorization string
Authorization stringThe OAuth client ID and client secret as basic access credentials.
Pseudo code:
"Basic " + toBase64(client_id + ":" + client_secret)For example:
Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==Hints:
- The client credentials can be included either in this
Authorizationheader or in the body parameters.- This header will be required if you do not send the
client_idandclient_secretin the body parameters.
Body parameters
token_type_hint string (required)
token_type_hint string (required)The type of token you want to revoke.
Possible values:
access_tokenrefresh_token
token string (required)
token string (required)The token you want to revoke.
client_id string | null
client_id string | nullThe client ID you received when you registered your OAuth app. The ID starts with
app_. For example:app_j9Pakf56Ajta6Y65AkdTtAv. There is no need to send it if you include the client credentials in theAuthorizationheader.
client_secret string | null
client_secret string | nullThe client secret you received when you registered your OAuth app. There is no need to send it if you include the client credentials in the
Authorizationheader.
Response [204]
204 No Content
Response [400]
400 Bad Request
error string
error stringThe error code. For example:
invalid_request.
error_description string
error_description stringThe error description in details. For example:
You need to provide the 'token' field.
Example response
{
"error": "invalid_grant",
"error_description": "Authorization code doesn't exist or is invalid for the client"
}