Revoking an OAuth token
An OAuth token can be revoked, for example, to guarantee a sign-out in your app. The token can be revoked by you or the store itself.
Token revoked by the app
To revoke an OAuth token, send a POST request with your app's ID (Client ID), password (Client Secret), and the token to be revoked to YooMoney's OAuth server.
There are two ways to provide app's ID and password: in the body of the request or in the Authorization header by encoding the
<App's ID>:<App's password>
line using the base64 method and specifying the Basic authorization method. If you specify the Authorization header, the OAuth server will ignore the ID and password in the body of the request.Example of request
cURL
curl https://yookassa.ru/oauth/v2/revoke_token \ -u <App ID>:<App password> \ -d token=<OAuth token> \
Parameter description
Parameter | Type | Description |
---|---|---|
token | string | The OAuth token to be revoked. Mandatory parameter |
client_id | string | App's ID (Client ID). Mandatory parameter if the Authorization header isn't specified. If the header is specified, this parameter is ignored. |
client_secret | string | App's password (Client Secret). Mandatory parameter if the password is specified in the app settings and the Authorization header isn't specified in the request. If the header is specified, this parameter is ignored. |
If the token is revoked successfully, an empty response body will be returned.
Example of the body of the response
JSON
{}
If the token isn't revoked successfully, error's description will be returned.
Example of the body of the response with en error
JSON
{ "error": "invalid_request", "error_description": "<Error description>" }
Parameter descriptions for the error message
Parameter | Type | Description |
---|---|---|
error | string | Error code. Possible values:
Mandatory parameter |
error_description | string | Error description Optional parameter. |
Token revoked by the store
Store's owner can revoke the rights from your app in their YooMoney Merchant Profile. In this case, issued OAuth tokens will stop working. If you send a request with a revoked token, YooMoney will return an error.
See also