DELETE https://api.mollie.com/oauth2/tokens

Revoke an access token or refresh token. Once revoked, the token can no longer be used.

Revoking a refresh token revokes all access tokens that were created using the same authorization.

This endpoint can only be accessed using OAuth client credentials.

Headers

`Authorization` string

The OAuth client ID and client secret as basic access credentials.

Pseudo code:

"Basic " + toBase64(client_id + ":" + client_secret)

For example:

Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Hints:

The client credentials can be included either in this Authorization header or in the body parameters.

This header will be required if you do not send the client_id and client_secret in the body parameters.

Body parameters

`token_type_hint` string (required)

The type of token you want to revoke.

Possible values: access_token refresh_token

`token` string (required)

The token you want to revoke.

`client_id` string | null

The client ID you received when you registered your OAuth app. The ID starts with app_. For example: app_j9Pakf56Ajta6Y65AkdTtAv. There is no need to send it if you include the client credentials in the Authorization header.

`client_secret` string | null

The client secret you received when you registered your OAuth app. There is no need to send it if you include the client credentials in the Authorization header.

Response [204]

204 No Content

Response [400]

400 Bad Request

`error` string

The error code. For example: invalid_request.

`error_description` string

The error description in details. For example: You need to provide the 'token' field.

Example response

{
  "error": "invalid_grant",
  "error_description": "Authorization code doesn't exist or is invalid for the client"
}