Revoke token
Visibility: public · internal (OpenAPI Custom Extension: x-visibility)
Explicitly revoke an access token before its natural expiration. Once revoked, the token is added to a server-side deny list and will fail introspection checks immediately.
Callers can revoke their own tokens. Tenant administrators can revoke any token within the tenant.
This endpoint is inspired by RFC 7009 but uses application/json instead of form-encoded requests. It returns 200 even if the token is already expired, revoked, or unrecognized, which prevents information leakage about token validity.
Resource servers that enforce real-time revocation must call the introspect endpoint for sensitive operations, as self-contained JWT signature verification alone will not detect revoked tokens.
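An added example, not part of the k0rdent API or its code: a self-contained in-memory model of the behaviour described above, showing that a revoked token still passes local signature and expiry verification and is only rejected by a deny-list lookup. The HS256 demo key, the function names and the `active` field (borrowed from RFC 7662) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed signing key; HS256 is assumed for the demo
DENY_LIST = set()              # models the server-side deny list, keyed by token ID (jti)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub: str, jti: str, ttl: int = 300) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "jti": jti, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_locally(token: str):
    """Signature and expiry check only, as a resource server does offline."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def revoke(token: str) -> dict:
    """Same response body for valid, expired, revoked or unrecognized tokens."""
    claims = verify_locally(token)
    if claims:
        DENY_LIST.add(claims["jti"])
    return {"revoked": True}

def introspect(token: str) -> dict:
    """Local checks plus the deny-list lookup that local checks cannot do."""
    claims = verify_locally(token)
    return {"active": bool(claims) and claims["jti"] not in DENY_LIST}

def authorize(token: str, sensitive: bool) -> bool:
    """Resource-server policy: sensitive operations always introspect."""
    if sensitive:
        return introspect(token)["active"]
    return verify_locally(token) is not None
```

After `revoke()`, `authorize(token, sensitive=False)` still succeeds until the token expires, which is the exposure window that introspection closes.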
Authorization
bearerAuth: Bearer token authentication using OAuth2/OIDC tokens
In: header
Request Body
application/json
token: The access token (JWT) to revoke.
Response Body
application/json
curl -X POST "https://api.k0rdent.ai/v1/regions/global/auth/revoke" \
  -H "Content-Type: application/json" \
  -d '{ "token": "string" }'

{
  "revoked": true
}

{
  "error": {
    "code": 0,
    "message": "string",
    "details": [
      {}
    ]
  }
}