POST oauth/invalidate_token

Allows a registered application to revoke an issued OAuth access_token by presenting its client credentials. Once an access_token has been invalidated, new creation attempts will yield a different Access Token and usage of the invalidated token will no longer be allowed.

Resource URL

https://api.twitter.com/1.1/oauth/invalidate_token

Resource Information

Response formats JSON
Requires authentication? Yes - User context with the access tokens that you would like to invalidate
Rate limited? Yes

Example request

    curl --request POST 
      --url 'https://api.twitter.com/1.1/oauth/invalidate_token.json' 
      --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY",
     oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE",
     oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP",
     oauth_token="ACCESS_TOKEN", oauth_version="1.0"'

Example response

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 127
    ...

    {"access_token":"ACCESS_TOKEN"}

Example error response after token has been invalidated

    HTTP/1.1 401 Authorization Required
    ...

    {"errors": [{
      "code": 89,
      "message": "Invalid or expired token."}
    ]}

Was this document helpful?

Thank you for the feedback. We’re really glad we could help!

Thank you for the feedback. How could we improve this document?

Thank you for the feedback. Your comments will help us improve our documents in the future.