HomeGuidesAPI ReferenceChangelogDiscussions
Guides
These docs are for v2.0. Click to read the latest docs for v2024-10-01.

Revoking an access token

You can revoke an access/refresh token if you do not want it to remain active. This can be necessary in cases where you feel a token has been compromised.

🚧

Note

Using a new token automatically revokes the previous token, and hence an API call is not necessary for that.

curl -X POST 'https://api.factorialhr.com/oauth/revoke' -d 'client_id=<YOUR_CLIENT_ID>&client_secret=<YOUR_CLIENT_SECRET>&token=<TOKEN>'

YOUR_CLIENT_ID: OAuth2 Application Id

YOUR_CLIENT_SECRET: OAuth2 Application Secret

TOKEN: OAuth2 Access/Refresh Token (whichever you wish to revoke)
https://api.factorialhr.com/oauth/revoke?client_id=<YOUR_CLIENT_ID>&client_secret=<YOUR_CLIENT_SECRET>&token=<YOUR_ACCESS_TOKEN>

YOUR_CLIENT_ID: OAuth2 Application Id

YOUR_CLIENT_SECRET: OAuth2 Application Secret

TOKEN: OAuth2 Access/Refresh Token (whichever you wish to revoke)