Revoke OAuth tokens

OAuth tokens can be revoked in two ways:

Users themselves can remove the tokens for the apps they've granted permission to. To revoke:

Sign in at accounts.zoho.com.
Click Sessions in the left menu, then scroll down to Connected Apps.
To revoke token for an app, hover over the app and click Revoke Access.
Click Yes, Proceed.

Programmatically, OAuth tokens can be revoked by making a POST request to the endpoint oauth/v2/token/revoke. Both access tokens and refresh tokens can be revoked. If a refresh token is revoked, all the access tokens that are generated using it also get revoked.

Query parameter

token
required
Refresh token or access token that needs to be revoked.

Response

{"status":"success"}	The token is successfully revoked.
400 Bad Request	The token passed in the request is invalid.

Endpoint

CopiedPOST 		{accounts-server-url}/oauth/v2/token/revoke

Note: The accounts-server-url is specific to the location (i.e., datacenter) where your app is registered.

Request example

Copiedhttps://accounts.zoho.com/oauth/v2/token/revoke
?token=1000.18e983526f0ca8575ea9c53b0cd5bb58.1bd83a6f2e22c3a7e1309d96ae439cc1