Step 5: Revoke refresh tokens

Revoking refresh tokens means invalidation of application's access to Bigin API resources. You can request the authorization server for the revocation of refresh tokens when the application no longer needs to access the Bigin resources for a specified scope or when tokens are compromised. With the revoked refresh token, you cannot obtain new access tokens.

Request URL

{accounts-server}/oauth/v2/token/revoke

You must use domain-specific accounts URL to generate access and refresh tokens. Based on the domain location of the user, you should replace {accounts-server} with any of the following domain-specific accounts URL:

For US, https://accounts.zoho.com
For AU, https://accounts.zoho.com.au
For EU, https://accounts.zoho.eu
For IN, https://accounts.zoho.in
For CN, https://accounts.zoho.com.cn
For JP, https://accounts.zoho.jp

For example, if the user's domain location is US, you should make a revocation of refresh token request to authorization server using https://accounts.zoho.com.

Endpoint

POST /token/revoke

Request Parameters

The request parameters are given below:

token stringrequired

Indicates the refresh token that you want to revoke.

Sample request

Copiedcurl -X POST "https://accounts.zoho.com/oauth/v2/token/revoke?token=1000.921fa5d2ba9dd1ffd8a9cfd9f043e6e8.28460fe08194a390ac11fb8865ad1572"

Sample JSON response

Copied{
"status":"success"
}