POST oauth/invalidate_token

Allows a registered application to revoke an issued OAuth access_token by presenting its client credentials. Once an access_token has been invalidated, new creation attempts will yield a different Access Token and usage of the invalidated token will no longer be allowed.

Resource URL

https://api.twitter.com/oauth/invalidate_token

Resource Information

Response formats JSON
Requires authentication? Yes
Rate limited? Yes

Parameters

Name Required Description
access_token required The access_token of user to be invalidated
access_token_secret required The access_token_secret of user to be invalidated

Example request:

curl --request POST 
  --url 'https://api.twitter.com/1.1/oauth/invalidate_token.json?access_token=ACCESS_TOKEN&access_token_secret=ACCESS_TOKEN_SECRET' 
  --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY",
 oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE",
 oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP",
 oauth_token="ACCESS_TOKEN", oauth_version="1.0"'

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 127
...

{"access_token":"ACCESS_TOKEN"}

Example error response after token has been invalidated:

  HTTP/1.1 401 Authorization Required
  ...

  {"errors": [
{"code": 89,"message": "Invalid or expired token."}
]}