Revoke token API throws 400 error with square version 2024-03-20

Our app is on the latest version ‘2024-03-20’. I was trying to use the API explorer to checkout the revoke token API. With the square version 2024-03-20(latest) the explorer takes Authorization : BEARER [ACCESS_TOKEN].

curl \
  -X POST \
  -H 'Square-Version: 2024-03-20' \
  -H 'Authorization: Bearer [ACCESS_TOKEN]' \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": [CLIENT_ID],
    "merchant_id": [MERCHANT_ID],
    "revoke_only_access_token": false,
    "access_token": [ACCESS_TOKEN]

The API fails with response 400

  "message": "bad authorization header",
  "type": "bad_request.invalid_parameter"

However the API succeeds using the version 2024-02-22 with the necessary params and headers (Authorization: Client APPLICATION_SECRET)

Why does the Revoke token API not work with the authorisation provided as per 2024-03-20?

I just tested and it worked as expected with the latest version of the API. It won’t work in the API Explorer since you can’t set the header to Authorization: Client APPLICATION_SECRET. You’ll have to copy the command and run it separately. :slightly_smiling_face:

Works fine with Authorization: Client APPLICATION_SECRET but not with Authorization: ACCESS_TOKEN which is specified in the API Explorer for version 2024-03-20

That’s correct. It currently doesn’t work in the API Explorer because the Explorer sets the access token. I’ve shared this with the team. :slightly_smiling_face:

1 Like