Skip to main contentIBM Video Streaming Developers

Token revocation

Overview

In some cases, a user may want to revoke access given to an application. Programmatic revocation is important in instances where a user logs out, changes identity, unsubscribes, or uninstalls the application.

Token revocation endpoint
Locationhttps://video.ibm.com/oauth2/token/revoke
Supported HTTP methodPOST

Parameters

PARAMETERTYPEIMPORTANCEDESCRIPTION
tokenstringREQUIREDThe token that the client wants to get revoked. Can be access token or refresh token.
client_idstringREQUIRED40-character long string that identifies the client the token belongs to.

In addition to the parameters above, the client must provide its client secret (provided along with the client key) to authenticate itself. The authentication is done with HTTP Basic authorization method.

Sample HTTP header:

Authorization: Basic bc345abc45d6789abcdef0123aef0126789def01

For example, a client may request the revocation of a token with the following request:

POST /oauth2/token/revoke HTTP/1.1
Host: video.ibm.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic bc345abc45d6789abcdef0123aef0126789def01
token=5fb2a4aba6157825929b78c56e623613f20033ff&client_id=50aefe42c68cf63b488fc6630b7f0b3b7ae00e8e

Revocation Response

The authorization server responds with HTTP status code 200 if the token has been revoked successfully or if the client submitted an invalid token. The content of the response body can be ignored by the client as all necessary information is conveyed in the response code.