Step 6: Revoke refresh tokens
Revoking refresh tokens means invalidation of application's access to Bigin API resources. You can request the authorization server for the revocation of refresh tokens when the application no longer needs to access the Bigin resources for a specified scope or when tokens are compromised. With the revoked refresh token, you cannot obtain new access tokens.
Request URL
{accounts-server}/oauth/v2/token/revoke
You must use domain-specific accounts URL to generate access and refresh tokens. Based on the domain location of the user, you should replace {accounts-server} with any of the following domain-specific accounts URL:
- For US, https://accounts.zoho.com
- For AU, https://accounts.zoho.com.au
- For EU, https://accounts.zoho.eu
- For IN, https://accounts.zoho.in
- For CN, https://accounts.zoho.com.cn
- For JP, https://accounts.zoho.jp
For example, if the user's domain location is US, you should make a revocation of refresh token request to authorization server using https://accounts.zoho.com.
You can refer to the user's domain location from the redirect URI response.
Endpoint
Request Parameters
The request parameters are given below:
token stringrequired
Indicates the refresh token that you want to revoke.
Sample request
Copiedcurl -X POST "https://accounts.zoho.com/oauth/v2/token/revoke?token=1000.921fa5d2ba9dd1ffd8a9cfd9f043e6e8.28460fe08194a390ac11fb8865ad1572"
Sample JSON response
Copied{
"status":"success"
}