Revoke Token - FYATU API Docs

Revoke Access Token

curl --request POST \
  --url https://api.fyatu.com/api/v3/auth/revoke \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "status": 200,
  "message": "Token revoked successfully",
  "data": {
    "revoked": true
  },
  "meta": {
    "requestId": "req_abc123def456",
    "timestamp": "2026-01-05T10:30:00+00:00"
  }
}

POST

auth

revoke

Revoke Access Token

curl --request POST \
  --url https://api.fyatu.com/api/v3/auth/revoke \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "status": 200,
  "message": "Token revoked successfully",
  "data": {
    "revoked": true
  },
  "meta": {
    "requestId": "req_abc123def456",
    "timestamp": "2026-01-05T10:30:00+00:00"
  }
}

Overview

Invalidate an access token before it naturally expires. Use this when:

User logs out of your application
You detect suspicious activity
Credentials may have been compromised
Token is no longer needed

When to Revoke Tokens

User Logout

When a user explicitly logs out, revoke their token to prevent unauthorized access.

async function logout() {
  await fetch('https://api.fyatu.com/api/v3/auth/revoke', {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${currentToken}` }
  });
  localStorage.removeItem('fyatu_token');
}

Security Incident

If you suspect a token has been compromised, revoke it immediately.

async function handleSecurityIncident(compromisedToken) {
  await fetch('https://api.fyatu.com/api/v3/auth/revoke', {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${compromisedToken}` }
  });
  // Get a fresh token with new credentials
}

Credential Rotation

When rotating API credentials, revoke existing tokens first.

Error Codes

Code	Description
`AUTH_TOKEN_MISSING`	No Authorization header provided
`AUTH_TOKEN_INVALID`	Token is malformed or already expired

Once a token is revoked, it cannot be used for any API requests. Any in-flight requests using the revoked token may fail.

After revoking a token, immediately clear it from your application’s storage to prevent accidental reuse.

Authorizations

Authorization

string

header

required

JWT access token obtained from /auth/token

Response

Token revoked successfully

success

boolean

Example:

true

status

integer

Example:

200

message

string

Example:

"Token revoked successfully"

data

object

Show child attributes

Documentation Index

​Overview

​When to Revoke Tokens

​Error Codes

Authorizations

Response

Overview

When to Revoke Tokens

Error Codes