<access-service>/api/v1/auth/token/revoke

URL structure

https://access-service.xy-company.com/api/v1/auth/token/revoke

Supported methods and overview

• POST - used to revoke (i.e. invalidate) an access token as well as its associated refresh token.

Detailed description

This API endpoint invalidates the access token passed in the header of the request to this endpoint (including the header of requests to any other of Covata's API endpoints).

If this request succeeds, both this access token and its associated refresh token are invalidated. Passing any invalidated access token in the header of requests to any Covata API endpoint will cause these requests to fail.

It is also possible to invalidate all access tokens (and their associated refresh tokens) that belong to one or more Covata user(s) by calling the <access-service>/api/v1/users/{userId}/expire or <access-service>/api/v1/users/bulk API endpoints, respectively.

Supported roles

This API endpoint supports the following Covata user roles (as described in the Covata Platform Administrator's Guide):

• Originator
• Collaborator
• Ad hoc
• System administrator
• User administrator

The Covata Platform's resources available to one of these Covata users (above) is determined by the access token passed in the header of requests to this endpoint.

Required headers

The appropriate access token as the Bearer token:

• Authorization: Bearer a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6

The request also requires form URL-encoded data in the body:

• Content-Type: application/x-www-form-urlencoded

Required parameters

The following required parameter must be sent in the body of the request (as form URL-encoded data):

• token - The access token passed in the header of the request to this endpoint.

  Example:

  token=a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6

Returns

If the request succeeded, then an HTTP response status 200 OK is returned.