> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endaoment.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoke access token

> Revokes an access or refresh token issued by the Endaoment auth server.

Call from your backend during logout or when rotating credentials. Requires the same client credentials used for token exchange.



## OpenAPI

````yaml https://api.endaoment.org/oas-json post /token/revocation
openapi: 3.0.0
info:
  title: Endaoment API
  description: >-
    The official Endaoment API endpoints. Dev (canary) = newest features;
    Staging (stable) = pre-production.
  version: 0.0.0-dev
  contact: {}
servers:
  - url: https://api.endaoment.org
    description: Production
security: []
tags:
  - name: Partner Endpoints
    description: Tech-platform partner server-to-server APIs
  - name: Authentication
    description: OAuth callers, API keys, and session verification
  - name: Funds
    description: Donor-advised fund lifecycle
  - name: Donations
    description: Donation pledges, supported assets, and impact totals
  - name: Portfolios
    description: Investment portfolio catalog
  - name: Nonprofit Organizations
    description: Nonprofit lookup, subprojects, and missing-org intake
  - name: Grant Transfers
    description: Grant and entity transfers
  - name: Collaboration
    description: Collaborator recommendations and fund collaboration
  - name: Activity
    description: Public and scoped activity feeds
paths:
  /token/revocation:
    servers:
      - url: https://auth.endaoment.org
        description: Production
      - url: https://auth.dev.endaoment.org
        description: Development
      - url: https://auth.staging.endaoment.org
        description: Staging
    post:
      tags:
        - Authentication
      summary: Revoke access token
      description: >-
        Revokes an access or refresh token issued by the Endaoment auth server.


        Call from your backend during logout or when rotating credentials.
        Requires the same client credentials used for token exchange.
      operationId: OAuthController_revokeToken
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/OAuthTokenRevocationRequestDto'
      responses:
        '200':
          description: Token revoked (or already invalid)
        '401':
          description: Invalid client credentials
      security:
        - OAuthClientCredentials: []
components:
  schemas:
    OAuthTokenRevocationRequestDto:
      type: object
      required:
        - token
      properties:
        token:
          type: string
          description: Access or refresh token to revoke.
        token_type_hint:
          type: string
          enum:
            - access_token
            - refresh_token
        client_id:
          type: string
        client_secret:
          type: string
  securitySchemes:
    OAuthClientCredentials:
      type: http
      scheme: basic
      description: OAuth client ID and secret as HTTP Basic credentials.

````