Partners may revoke access and refresh tokens at any time. This process follows the standard described in RFC-7009. Revoked tokens may continue to be accepted for a brief period, as the revocation propagates to all serverside caches and data stores.
If the included token is a refresh token, the associated access token will automatically be revoked. If it is an access token, any associated refresh tokens will also be revoked.
This request must be accompanied by an Authorization header, which is assembled using HTTP Basic Authentication. The username field must be the partner’s client identifier, and the password field must be the partner’s client secret. An example of this header:
Authorization: Basic Tmluy1aGVcnk6NmxMmQwOW4MTA2NzE4ZDg2nU=
The contents of this request are submitted as standard form parameters. The Content-Type header must be:
Request body form parameters
|token||The access or refresh token being revoked||Y|
|token_type_hint||The type of token being revoked. Must be either access_token or refresh_token|