Revoke token

POST

/oauth2/revoke

Revokes an access token generated with the OAuth flow.

If an account has more than one OAuth access token for your application, this endpoint revokes all of them, regardless of which token you specify. When an OAuth access token is revoked, all of the active subscriptions associated with that OAuth token are canceled immediately.

Important: The Authorization header for this endpoint must have the following format:

  Authorization: Client APPLICATION_SECRET

Replace APPLICATION_SECRET with the application secret on the OAuth page for your application in the Developer Dashboard.

Guide

Refresh, Revoke, and Limit the Scope of OAuth Tokens

Try in API Explorer

Link to section

Request body

Example code

Link to section

client_id

string

The Square-issued ID for your application, which is available on the OAuth page in the Developer Dashboard.

Max Length

191

Link to section

access_token

string

The access token of the merchant whose token you want to revoke. Do not provide a value for merchant_id if you provide this parameter.

Min Length

Max Length

1024

Link to section

merchant_id

string

The ID of the merchant whose token you want to revoke. Do not provide a value for access_token if you provide this parameter.

Link to section

revoke_only_access_token

boolean

If true, terminate the given single access token, but do not terminate the entire authorization. Default: false

Link to section

Response fields

Link to section

success

boolean

If the request is successful, this is true.

Link to section

errors

Any errors that occurred during the request.