Przejdź do głównej zawartości

Revoke Access Token

Revoke an access token before it expires.

POST
/o/revoke_token/

Invalidate an access token to prevent further API access.

Authentication

Uses Basic authentication with your client credentials (not Bearer token).

Request Headers

Authorization: Basic base64(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded

Request Body

ParameterTypeRequiredDescription
tokenstringYesThe access token to revoke
token_type_hintstringNoHint about token type (default: "access_token")

Example Request

# First, encode your credentials
CLIENT_ID="your_client_id"
CLIENT_SECRET="your_client_secret"
CREDENTIALS=$(echo -n "$CLIENT_ID:$CLIENT_SECRET" | base64)

# Revoke the token
curl -X POST https://api.cryptofuse.io/o/revoke_token/ \
  -H "Authorization: Basic $CREDENTIALS" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "token=your_access_token&token_type_hint=access_token"

Response

Success Response (200 OK)

HTTP/1.1 200 OK

No response body is returned on successful revocation.

Use Cases

  • Logout functionality - Revoke token when user logs out
  • Security - Immediately invalidate compromised tokens
  • Token rotation - Revoke old tokens when issuing new ones
  • Access control - Revoke access for deactivated applications

Important Notes

  • After revocation, you'll need to obtain a new token to continue making API requests
  • Revocation is immediate and cannot be undone
  • If the token is already expired or invalid, the request still returns 200 OK
  • This endpoint uses Basic authentication, not Bearer token authentication

Example: Token Rotation

async function rotateToken(clientId, clientSecret, oldToken) {
  // Encode credentials
  const credentials = btoa(`${clientId}:${clientSecret}`);
  
  // Revoke old token
  await fetch('https://api.cryptofuse.io/o/revoke_token/', {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${credentials}`,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: `token=${oldToken}&token_type_hint=access_token`
  });
  
  // Get new token
  const tokenResponse = await fetch('https://api.cryptofuse.io/o/token/', {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${credentials}`,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: 'grant_type=client_credentials&scope=read write'
  });
  
  const data = await tokenResponse.json();
  return data.access_token;
}

Python Example

import requests
import base64

def revoke_token(client_id, client_secret, access_token):
    """Revoke an access token."""
    
    # Encode credentials
    credentials = base64.b64encode(
        f"{client_id}:{client_secret}".encode()
    ).decode()
    
    # Revoke token
    response = requests.post(
        'https://api.cryptofuse.io/o/revoke_token/',
        headers={
            'Authorization': f'Basic {credentials}',
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        data={
            'token': access_token,
            'token_type_hint': 'access_token'
        }
    )
    
    if response.status_code == 200:
        print("Token revoked successfully")
        return True
    else:
        print(f"Failed to revoke token: {response.status_code}")
        return False

# Usage
revoke_token('your_client_id', 'your_client_secret', 'old_access_token')