Revoking an API Refresh Token
Users can always revoke one or all of their refresh tokens. (For example, a user might revoke a refresh token that was never copied to a secure location). To revoke a refresh token, you need a valid access token. For help, see Generating an Access Token from a Refresh Token.
Note:Consider the following:
| • | Any access token that was generated with the revoked refresh token remains valid until its expiration. |
| • | A revoked refresh token cannot be used to generate new access tokens (and can thus be discarded). |
| • | A revoked refresh token is no longer returned in the list of your refresh tokens (see Obtaining List of All Your Refresh Tokens). |
Revoking a Single Refresh Token
Use these steps to revoke a single refresh token belonging to you.
To revoke a single refresh token:
| 1. | Obtain the ID of the refresh token that you want to revoke. For help, see Obtaining List of All Your Refresh Tokens. |
| 2. | Execute the following command, replacing <your access token> with a valid access token and <refresh token ID> with the ID of token you are revoking: |
curl -s -X DELETE -H "Authorization: Bearer <your access token>" https://api.flexera.com/iam/v1/refresh-tokens/<refresh token ID>
Revoking All Refresh Tokens
Use this step to revoke all your refresh tokens.
To revoke all your refresh tokens:
Execute the following command, replacing <your access token> with a valid access token:
curl -s -X DELETE -H "Authorization: Bearer <your access token>" https://api.flexera.com/iam/v1/refresh-tokens