k0rdent AI Docs

Revoke

k0rdent API revoke endpoints

Revoke Endpoints

Method: POST
Endpoint: /v1/regions/global/auth/revoke
Visibility: public · internal (OpenAPI Custom Extension: x-visibility)

Description:

Explicitly revoke an access token before its natural expiration. Once revoked, the token is added to a server-side deny list and will fail introspection checks immediately.

Callers can revoke their own tokens. Tenant administrators can revoke any token within the tenant.

Inspired by RFC 7009 but uses application/json instead of form-encoded requests.

This endpoint returns 200 even if the token is already expired, revoked, or unrecognized. This prevents information leakage about token validity.

Resource servers that enforce real-time revocation must call the introspect endpoint for sensitive operations, as self-contained JWT signature verification alone will not detect revoked tokens.
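The following in-memory model is an added example, not k0rdent code: it shows why a revoked token still passes local JWT signature verification and is only rejected once the resource server consults introspection, and why revoke answers 200 for every input. The `jti` claim used as the deny-list key, the `active` response field, the HS256 demo key and all function names are assumptions; caller authorization on revoke is not modelled.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed signing key, demo only
DENY_LIST = set()                 # server-side deny list, keyed by jti (assumption)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub, jti, ttl=300):
    # Mint a constructed, self-contained HS256 token.
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "jti": jti, "exp": time.time() + ttl}).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def verify_local(token):
    # Signature and expiry only: this check never sees the deny list.
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # malformed structure, base64 or JSON
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def revoke(token):
    # Same 200 for valid, expired, already revoked or unrecognized tokens.
    claims = verify_local(token)
    if claims:
        DENY_LIST.add(claims["jti"])
    return 200

def introspect(token):
    # Server-side check: valid signature, unexpired, and not on the deny list.
    claims = verify_local(token)
    return {"active": bool(claims) and claims["jti"] not in DENY_LIST}

def authorize(token, sensitive):
    # Resource-server policy: local check always, introspection when sensitive.
    if verify_local(token) is None:
        return False
    return introspect(token)["active"] if sensitive else True
```

In this model a non-sensitive route keeps accepting a revoked token until its `exp` passes, which is the exposure window the description warns about.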
