Table of Contents

Revoke user tokens

Overview

If your users want to disconnect their integration with a Reckon product, your application will need to revoke the latest refresh_token and access_token that you have obtained for them.

The users can also access the Identity Server Permission page to revoke your access manually. However, we highly recommend third-party app providers to have the revocation feature as part of Disconnect from Reckon Product/s function.

You will need to send two calls to Reckon Identity Server:

  1. Send the access_token in the first payload's body
    1. token: {{access_token value}}
    2. token_type_hint: access_token
  2. Send the refresh_token in the second payload's body
    1. token: {{refresh_token value}}
    2. token_type_hint: refresh_token

Endpoint

https://identity.reckon.com/connect/revocation


Headers

Key

Value

Authorization

Basic {{encoded clientId:clientSecret}}

Content-Type

application/x-www-form-urlencoded


Body

Key

Value

token

  1. access_token value (in your first payload)
  2. refresh_token value (in your second payload)

token_type_hint

  1. access_token OR
  2. refresh_token


Screenshots

access_token

access_token screenshot


refresh_token

refresh_token screenshot


Response

If your request was approved, you will receive a 200 OK response.

You can learn more about it by visiting IdentityServer3 documentation.

How did we do?

Authorisation Services Overview

Auth Services - FAQ

Related Articles

Powered by HelpDocs (opens in a new tab)

Powered by HelpDocs (opens in a new tab)