Revoke Token by ID

JFrog REST APIs

Products
JFrog Xray
Content Type
REST API
ft:sourceType
Paligo

Description: Revoke an access token by specifying the token_id

Since: 7.21.1

Security: Requires a valid token.

Usage: DELETE /access/api/v1/tokens/my-id-is-here

Note

From Artifactory release 7.53.1, you can also use this API not only with the token-id but also with me to indicate the currently used token.

Produces: application/json

Sample Usage:

curl -H "Authorization: Bearer <valid access token>" -XDELETE "http://localhost:8082/access/api/v1/tokens/7e0eec..."  
 
200 OK

This endpoint can take either of the following parameters:

token_id

The ID of the token to be revoked

Note

  • A user can only revoke tokens on which the user is based on their username.

  • An admin user can revoke any token.

  • A token can be used to authenticate a revoke request where the target token ID is of the token being used for authentication.

  • If the token ID is not found (e.g., already revoked) - return 204.

Errors:

  • 400 - If the token was created by a different Artifactory instance (and therefore cannot be revoked)

  • 401- Unauthenticated

  • 403 - The authenticated principal has no permissions to revoke the requested token