Revoke Access Token
Revoke an access token before it expires.
POST /o/revoke_token/
Invalidate an access token to prevent further API access.
Authentication
Uses Basic authentication with your client credentials (not Bearer token).
Request Headers
Authorization: Basic base64(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| token | string | Yes | The access token to revoke |
| token_type_hint | string | No | Hint about token type (default: "access_token") |
Example Request
```bash
# First, encode your credentials
CLIENT_ID="your_client_id"
CLIENT_SECRET="your_client_secret"
# printf avoids a trailing newline; tr strips the line wraps base64 adds to long input
CREDENTIALS=$(printf '%s' "$CLIENT_ID:$CLIENT_SECRET" | base64 | tr -d '\n')

# Revoke the token
curl -X POST https://api.cryptofuse.io/o/revoke_token/ \
  -H "Authorization: Basic $CREDENTIALS" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "token=your_access_token&token_type_hint=access_token"
```
Response
Success Response (200 OK)
HTTP/1.1 200 OK
No response body is returned on successful revocation.
Use Cases
- Logout functionality - Revoke token when user logs out
- Security - Immediately invalidate compromised tokens
- Token rotation - Revoke old tokens when issuing new ones
- Access control - Revoke access for deactivated applications
Important Notes
- After revocation, you'll need to obtain a new token to continue making API requests
- Revocation is immediate and cannot be undone
- If the token is already expired or invalid, the request still returns 200 OK
- This endpoint uses Basic authentication, not Bearer token authentication
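Taken together, these notes mean a 200 tells you only that the token is no longer usable, and any other result means it may still be live. The following is an added example, not Cryptofuse's own code: a batch revoker for the compromised-token case that retries safely and never logs the token itself. The `post` transport, the outcome labels and the treatment of 400/401/403 as non-retryable are assumptions, not documented behaviour.

```python
import base64
import hashlib
from urllib.parse import urlencode

REVOKE_URL = "https://api.cryptofuse.io/o/revoke_token/"


def fingerprint(token):
    """Short SHA-256 prefix so audit logs never contain the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def build_request(client_id, client_secret, token):
    """Return (headers, body) for one revocation call, as documented above."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # urlencode() escapes '&', '=', '+' so the token cannot alter the form body.
    body = urlencode({"token": token, "token_type_hint": "access_token"})
    return headers, body


def revoke_all(client_id, client_secret, tokens, post, attempts=3):
    """Revoke each token; return {fingerprint: outcome}.

    `post(url, headers, body)` is a hypothetical transport returning an HTTP
    status code, or raising OSError on network failure.
    """
    results = {}
    for token in tokens:
        headers, body = build_request(client_id, client_secret, token)
        outcome = "still_active_unknown"  # default until the server confirms
        for _ in range(attempts):
            try:
                status = post(REVOKE_URL, headers, body)
            except OSError:
                continue  # no answer: the token may still be live, retry
            if status == 200:
                # Also returned for expired/invalid tokens, so retries are safe.
                outcome = "revoked_or_already_invalid"
                break
            if status in (400, 401, 403):
                # Assumption: client-side rejection; retrying will not help.
                outcome = f"rejected_{status}"
                break
            # Any other status (e.g. 5xx) falls through and is retried.
        results[fingerprint(token)] = outcome
    return results
```

Any token whose outcome is not `revoked_or_already_invalid` should be treated as still active until a later call succeeds.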
Example: Token Rotation
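```javascript
async function rotateToken(clientId, clientSecret, oldToken) {
  // Encode credentials for Basic authentication
  const credentials = btoa(`${clientId}:${clientSecret}`);

  // Revoke old token (URLSearchParams form-encodes the token value)
  const revokeResponse = await fetch('https://api.cryptofuse.io/o/revoke_token/', {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${credentials}`,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: new URLSearchParams({ token: oldToken, token_type_hint: 'access_token' }).toString()
  });
  if (!revokeResponse.ok) {
    // Anything other than a 2xx status means the old token may still be valid
    throw new Error(`Revocation failed: ${revokeResponse.status}`);
  }

  // Get new token
  const tokenResponse = await fetch('https://api.cryptofuse.io/o/token/', {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${credentials}`,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: new URLSearchParams({ grant_type: 'client_credentials', scope: 'read write' }).toString()
  });
  if (!tokenResponse.ok) {
    throw new Error(`Token request failed: ${tokenResponse.status}`);
  }

  const data = await tokenResponse.json();
  return data.access_token;
}
```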
Python Example
```python
import base64

import requests


def revoke_token(client_id, client_secret, access_token):
    """Revoke an access token."""
    # Encode credentials for Basic authentication
    credentials = base64.b64encode(
        f"{client_id}:{client_secret}".encode()
    ).decode()

    # Revoke token; requests form-encodes the data dict
    response = requests.post(
        'https://api.cryptofuse.io/o/revoke_token/',
        headers={
            'Authorization': f'Basic {credentials}',
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        data={
            'token': access_token,
            'token_type_hint': 'access_token'
        },
        timeout=10  # do not hang indefinitely if the API is unreachable
    )

    if response.status_code == 200:
        print("Token revoked successfully")
        return True
    else:
        print(f"Failed to revoke token: {response.status_code}")
        return False


# Usage
revoke_token('your_client_id', 'your_client_secret', 'old_access_token')
```