POST /auth/revoke
Revoke Access Token
curl --request POST \
  --url https://api.fyatu.com/api/v3/auth/revoke \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "status": 200,
  "message": "Token revoked successfully",
  "data": {
    "revoked": true
  },
  "meta": {
    "requestId": "req_abc123def456",
    "timestamp": "2026-01-05T10:30:00+00:00"
  }
}

Overview

Invalidate an access token before it naturally expires. Use this when:
  • User logs out of your application
  • You detect suspicious activity
  • Credentials may have been compromised
  • Token is no longer needed

When to Revoke Tokens

When a user explicitly logs out, revoke their token to prevent unauthorized access.
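async function logout() {
  // Read the stored token (same key that is cleared below)
  const currentToken = localStorage.getItem('fyatu_token');
  // Revoke server-side so the token cannot be used after logout
  await fetch('https://api.fyatu.com/api/v3/auth/revoke', {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${currentToken}` }
  });
  // Remove the local copy to prevent accidental reuse
  localStorage.removeItem('fyatu_token');
}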
If you suspect a token has been compromised, revoke it immediately.
async function handleSecurityIncident(compromisedToken) {
  await fetch('https://api.fyatu.com/api/v3/auth/revoke', {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${compromisedToken}` }
  });
  // Get a fresh token with new credentials
}
When rotating API credentials, revoke existing tokens first.

Error Codes

Code                 Description
AUTH_TOKEN_MISSING   No Authorization header provided
AUTH_TOKEN_INVALID   Token is malformed or already expired
Once a token is revoked, it cannot be used for any API requests. Any in-flight requests using the revoked token may fail.
After revoking a token, immediately clear it from your application’s storage to prevent accidental reuse.
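
An added example, not part of the Fyatu documentation: a revoke helper that confirms the documented success envelope (`success` and `data.revoked`), recognises the two error codes above, and clears the stored token even when the call fails. The names `interpretRevoke` and `revokeToken`, the injected `fetchImpl`/`storage` parameters and the constructed error body are assumptions; the page does not show the error response layout, so the codes are matched in the raw body text.

```javascript
const REVOKE_URL = 'https://api.fyatu.com/api/v3/auth/revoke';

// Classify a revoke response. Only the success envelope is documented on the
// page, so error codes are searched for in the raw text (layout is unknown).
function interpretRevoke(httpStatus, text) {
  let body = null;
  try { body = JSON.parse(text); } catch { /* non-JSON body, e.g. a proxy error page */ }
  const requestId = body?.meta?.requestId ?? null;
  // Require both flags: a 200 without data.revoked === true is not a confirmation.
  if (httpStatus === 200 && body?.success === true && body?.data?.revoked === true) {
    return { outcome: 'revoked', requestId };
  }
  for (const code of ['AUTH_TOKEN_MISSING', 'AUTH_TOKEN_INVALID']) {
    if (text.includes(code)) return { outcome: code, requestId };
  }
  return { outcome: 'unconfirmed', requestId };
}

// Revoke the token, then clear the stored copy whether or not the call worked.
// fetchImpl and storage are injected so the function also runs outside a browser.
async function revokeToken(token, { fetchImpl = fetch, storage, storageKey = 'fyatu_token' } = {}) {
  let result = { outcome: 'unconfirmed', requestId: null };
  try {
    const res = await fetchImpl(REVOKE_URL, {
      method: 'POST',
      headers: { Authorization: `Bearer ${token}` },
    });
    result = interpretRevoke(res.status, await res.text());
  } catch (err) {
    // Network failure: the token may still be valid server-side.
    result.error = String(err);
  } finally {
    storage?.removeItem(storageKey);
  }
  return result;
}

// Constructed error body and status (the page does not show an error response).
console.log(interpretRevoke(401, '{"success":false,"code":"AUTH_TOKEN_INVALID"}'));
```

An `unconfirmed` outcome means the token may remain usable until it expires, so the caller should retry the revoke and log the `requestId` when one is returned.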

Authorizations

Authorization (string, header, required)

JWT access token obtained from /auth/token

Response

Token revoked successfully

success (boolean). Example: true
status (integer). Example: 200
message (string). Example: "Token revoked successfully"
data (object)
meta (object)