Fortinet black logo

REST API Solution Guide

Home FortiAuthenticator 6.4.4 REST API Solution Guide

OAuth server revoke token (/oauth/revoke_token/)

6.4.4
6.6.0
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.2
6.2.1
6.2.0
6.1.3
6.1.2
6.1.1
6.1.0
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.5.0
5.4.0
5.3.0
5.2.0
5.1.0
5.0.0
Copy Link
Copy Doc ID a046851d-bf71-11ec-9fd1-fa163e15d75b:454622
Download PDF

OAuth server revoke token (/oauth/revoke_token/)

URL: https://[server_name]/api/v1/oauth/revoke_token/

This end-point is used to revoke or otherwise delete an an oauth access token entry from the database in the event that the authorized client wishes to revoke that token.

Supported fields

Field Display name Type Required Other restrictions
client_id String ID of client or application. string Yes
client_secret Hash client secret. string Only if application client_type is confidential.
token Access Token to revoke. string Yes

Allowed methods

HTTP method Resource URI Action
POST /api/v1/oauth/revoke_token/ Revoke specified token.

Response codes

In addition to the general codes defined in General API response codes, a POST request to this resource can also result in the following return codes:

Code Response content Description
200 OK Valid credentials.
400 BAD REQUEST If you specify the correct client_id and client_secret, but you enter an empty token.
401 UNAUTHORIZED If you do not specify the correct client_id and client_secret.

Example

Revoke a Token

curl -k -v -X POST \

https://[FAC_IP]/api/v1/oauth/revoke_token/ \

-H 'Content-Type: application/json' \

-d '{

"client_id": "fcare",

"token": "zGSaz2yqfjco7qWLQW2ctZXlhbRRJ"

}'

Previous
Next

OAuth server revoke token (/oauth/revoke_token/)

URL: https://[server_name]/api/v1/oauth/revoke_token/

This end-point is used to revoke or otherwise delete an an oauth access token entry from the database in the event that the authorized client wishes to revoke that token.

Supported fields

Field Display name Type Required Other restrictions
client_id String ID of client or application. string Yes
client_secret Hash client secret. string Only if application client_type is confidential.
token Access Token to revoke. string Yes

Allowed methods

HTTP method Resource URI Action
POST /api/v1/oauth/revoke_token/ Revoke specified token.

Response codes

In addition to the general codes defined in General API response codes, a POST request to this resource can also result in the following return codes:

Code Response content Description
200 OK Valid credentials.
400 BAD REQUEST If you specify the correct client_id and client_secret, but you enter an empty token.
401 UNAUTHORIZED If you do not specify the correct client_id and client_secret.

Example

Revoke a Token

curl -k -v -X POST \

https://[FAC_IP]/api/v1/oauth/revoke_token/ \

-H 'Content-Type: application/json' \

-d '{

"client_id": "fcare",

"token": "zGSaz2yqfjco7qWLQW2ctZXlhbRRJ"

}'

Previous
Next