1. Account Administration
  2. Authentication
  3. OAuth 2.0
  4. OAuth 2.0 for Integration Application Developers
  5. OAuth 2.0 Authorization Code Grant Flow
  6. POST Request to the Revoke Token Endpoint

POST Request to the Revoke Token Endpoint

The application sends the POST request to the revoke token endpoint to revoke the valid refresh token and its associated access tokens.

The format of the URL is:

https://<accountID>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/revoke

where <accountID> represents your NetSuite account ID.

Request Parameters for the Revoke Token Request

Request Parameter

Description

token

The value of the token parameter is the value of the refresh token that the application revokes.
Important:

The client authentication method used in the header of the request follows the HTTP Basic authentication scheme. For more information, see RFC 7617. The format is client_id:client_secret. The string value is Base64 encoded. The following code provides an example.

            POST /services/rest/auth/oauth2/v1/revoke HTTP/1.1
Host: <accountID>.suitetalk.api.netsuite.com
Authorization: Basic Njc5NGEzMDg2ZTRmNjFhMTIwMzUwZDAxYjg1MjdhZWQzNjMxNDcyZWYzMzQxMjIxMjQ5NWJlNjVhOGZjOGQ0YzpjZGM3YWMyMjE4M2VmNTAyNGU4MWIwZmNlOGVmNDYxYzQ0ZDU4OTZhMWYxODA1ZDRiMzcyY2E2MWM0ZDMyNmFl
Content-Type: application/x-www-form-urlencoded

token=eyJraWQiOiJzLlNZU1RFTS4yMDIwXzEiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIzOzciLCJhdWQiOlsiNkFDQkQ1MUMtNTE0Qi00RjU5LUIxQzMtQ0IzNUZGN0U5QTZBOzQwMzAwNTkiLCI0Nzc2MWI3NzY1MjJlMTg2ZmNkNzdmMTNjMjVlOGNjZjk5YWY5MDFhNjc4YTY2ZTcwMGIxNjFlZWZlOGZhODhkIl0sInNjb3BlIjpbInJlc3Rfd2Vic2VydmljZXMiLCJyZXN0bGV0cyJdLCJpc3MiOiJodHRwczpcL1wvc3lzdGVtLm5ldHN1aXRlLmNvbSIsIm9pdCI6MTYxMTA2NzY1NSwiZXhwIjoxNjExNjcyNDU1LCJpYXQiOjE2MTEwNjc2NTUsImp0aSI6IjQwMzAwNTkuci41YjMyMzZiOS1mZmVlLTQyZDMtYmQ1Ny00YmU3YjQ0MzlhMzdfMTYxMTA2NzY1NTM1OS4wIn0.BbSQ86Phg6CKLMJ9gJQurs1NK6niSxFzF2EBFT--KFysI2AV9S1llZgxsRNIrMXsDioaepdWsGzrKepJXq25t5Sr7f-jBwTLK9g9SkFAvvEFsVJCYbdA4_BNZkHKlCC-1mA_yFNZWBYPdfCMGDX39iIDd7LVkaj-oPjpnuRnnK1ntNzxHx0coJiXwj3KfOI0PK7xfG1zbVSW14XOlatWbi80MY0ZQCgF41nFs-Rv-a7r-b51mMrm6kKZx-0MXfKRYT60H3gPXCk2QzkKovKy3kBVjajbtVPNS2tF_SbFNWOXJrn4MFzvnnDy0qsxT_Ijy3S5LTgk4YLrlwKv_XoE7A
Note:

If you use public clients you can choose from the following options:

  • The HTTP authorization request header does not contain the Authorization, and the client_id parameter is included in the body of the request, or

  • The HTTP authorization request header contains only the client_id in the Authorization.

Related Topics

General Notices