Revoking a token

The application can revoke an access token that was issued. This means that all permissions that were granted to this token will be revoked.

To do this, send a request to the Yandex.Money OAuth server with the HTTP Authorization header containing the token to be revoked.

The request must be sent using the POST method.

Request example:

POST /api/revoke HTTP/1.1
Host: money.yandex.ru
Authorization: Bearer 410012345678901.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123
Content-Length: 0

In response, the Yandex.Money server returns one of the following HTTP codes:

HTTP response code Description
200 OK The token was revoked successfully.
400 Bad Request

HTTP request does not conform to protocol format. Possible reasons: the request can't be parsed; the HTTP Authorization header is missing or has an invalid value.

401 Unauthorized The specified token does not exist, or has already been revoked.

Successful response example:

HTTP/1.1 200 OK
Content-Length: 0

Example of error response:

HTTP/1.1 400 Bad Request
Content-Length: 0