DELETE
https://api.mollie.com/oauth2/tokens
Revoke an access token or refresh token. Once revoked, the token can no longer be used.
Revoking a refresh token revokes all access tokens that were created using the same authorization.
This endpoint can only be accessed using OAuth client credentials.
Headers
Authorization
string
Authorization
stringThe OAuth client ID and client secret as basic access credentials.
Pseudo code:
"Basic " + toBase64(client_id + ":" + client_secret)
For example:
Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Hints:
- The client credentials can be included either in this
Authorization
header or in the body parameters.- This header will be required if you do not send the
client_id
andclient_secret
in the body parameters.
Body parameters
token_type_hint
string (required)
token_type_hint
string (required)The type of token you want to revoke.
Possible values:
access_token
refresh_token
token
string (required)
token
string (required)The token you want to revoke.
client_id
string | null
client_id
string | nullThe client ID you received when you registered your OAuth app. The ID starts with
app_
.
For example:app_j9Pakf56Ajta6Y65AkdTtAv
.
There is no need to send it if you include the client credentials in theAuthorization
header.
client_secret
string | null
client_secret
string | nullThe client secret you received when you registered your OAuth app.
There is no need to send it if you include the client credentials in theAuthorization
header.
Response [204]
204
No Content
Response [400]
400
Bad Request
error
string
error
stringThe error code.
For example:invalid_request
.
error_description
string
error_description
stringThe error description in details.
For example:You need to provide the 'token' field
.
Example response
{
"error": "invalid_grant",
"error_description": "Authorization code doesn't exist or is invalid for the client"
}