Revoke token API throws 400 error with square version 2024-03-20

Chetan · April 1, 2024, 7:44am

Our app is on the latest version ‘2024-03-20’. I was trying to use the API explorer to checkout the revoke token API. With the square version 2024-03-20(latest) the explorer takes Authorization : BEARER [ACCESS_TOKEN].

curl https://connect.squareupsandbox.com/oauth2/revoke \
  -X POST \
  -H 'Square-Version: 2024-03-20' \
  -H 'Authorization: Bearer [ACCESS_TOKEN]' \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": [CLIENT_ID],
    "merchant_id": [MERCHANT_ID],
    "revoke_only_access_token": false,
    "access_token": [ACCESS_TOKEN]
  }'

The API fails with response 400

{
  "message": "bad authorization header",
  "type": "bad_request.invalid_parameter"
}

However the API succeeds using the version 2024-02-22 with the necessary params and headers (Authorization: Client APPLICATION_SECRET)

Why does the Revoke token API not work with the authorisation provided as per 2024-03-20?

Bryan-Square · April 1, 2024, 4:18pm

I just tested and it worked as expected with the latest version of the API. It won’t work in the API Explorer since you can’t set the header to Authorization: Client APPLICATION_SECRET. You’ll have to copy the command and run it separately.

Chetan · April 1, 2024, 4:22pm

Works fine with Authorization: Client APPLICATION_SECRET but not with Authorization: ACCESS_TOKEN which is specified in the API Explorer for version 2024-03-20

Bryan-Square · April 1, 2024, 5:11pm

That’s correct. It currently doesn’t work in the API Explorer because the Explorer sets the access token. I’ve shared this with the team.