I am developing for the

market, looking for the

API Documentation.

Home

>

API Products

>

United States - Authorize API Documentation

Authorize

Summary

Authorize is our implementation of the OAuth 2.0 framework. It enables secure authorization using standard methods that can easily be integrated in your app. If you're familiar with OAuth 2.0, everything should look familiar. If not, you may want to check out the OAuth 2.0 resources here.

Want to try this API out on our Playground?

Go play now
Endpoints on this page
post /clientCredentials/oauth2/token/us/gcb Client Credentials grant: Retrieve access token
get /authCode/oauth2/authorize Authorization code grant: Retrieve authorization code
post /authCode/oauth2/token/us/gcb Authorization code grant: Retrieve access token
post /authCode/oauth2/refresh Authorization code grant: Refresh access token
post /authCode/oauth2/revoke Authorization code grant: Revoke access

Client Credentials grant: Retrieve access token

post /clientCredentials/oauth2/token/us/gcb
Description

Get access token for your application credentials. You can use this for APIs which do not require customer credential verification and consent (e.g. Onboarding).

Header Parameters
Authorization
string required
HTTP Basic authentication by passing base64 encoded value of the client id and client secret separated by colon (:).Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
Content-Type
string required
Value should always be application/x-www-form-urlencoded
FormData Parameters
grant_type
string required
The grant type. Valid value is client_credentials.
scope
string required
The set of scopes requested to make API calls. You can pass multiple values delimted by space
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
200

The request has succeeded
Definitions
  • access_token
    • The access token value received after exchanging the authorization token. This field should be passed as Authorization header in API request calls
    • type : string
  • refresh_token
    • You can use this token to refresh an expired access_token.
    • type : string
  • scope
    • Set of scopes allowed by customer and separated by space
    • type : string
  • token_type
    • Type of the access token issued. This is bearer token for authorization_code grant type
    • type : string
  • expires_in
    • Validity of access token in seconds
    • type : number
Example Response for post /clientCredentials/oauth2/token/us/gcb
{
    "access_token": "AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA",
    "refresh_token": "AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA",
    "scope": "\/dda\/customer \/dda\/accountlist \/dda\/account \/dda\/accountsdetails \/dda\/account\/transactions",
    "token_type": "bearer",
    "expires_in": 1800
}
400

error
invalid_request
invalid_grant
unsupported_grant_type
unauthorized_client
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /clientCredentials/oauth2/token/us/gcb
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
401

error
invalid_client
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /clientCredentials/oauth2/token/us/gcb
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
500

server_error
This operation returns no content.

Authorization code grant: Retrieve authorization code

get /authCode/oauth2/authorize
Description

To retrieve an authorization code, call the authorize endpoint by passing the required query parameters.You should end up with a relative URL similar to the below (illustrative).

/authCode/oauth2/authorize?response_type=code&client_id=[Your client_id issued to you during app registration]&scope=[Space delimited scopes selected from the table below. Only request the scopes required for your app to work.]&countryCode=US&businessCode=GCB&locale=en_US&state=[The state value you create and will verify]&redirect_uri=[The redirect_uri you registered during app registration].

Your final URL should look similar to this, go ahead a try it in any browser if you are unsure if you formed it properly:

https://sandbox.apihub.citi.com/gcb/api/authCode/oauth2/authorize?response_type=code&client_id=97086fae-c252-4d81-b4d9-d73cde5ea800&scope=accounts_details_transaction&countryCode=US&businessCode=GCB&locale=en_US&state=12093&redirect_uri=https://www.test.com

ScopeDescription
pay_with_pointsManage Pay with Points enrollment, look up rewards balances and complete redemptions
accounts_details_transactionsRetrieve a summary of all accounts, account details and transactions

For successful request, citi will return a login page which allows customers to enter their credentials.

Use any of the following credentials.

S.NoUsernamePassword
1SandboxUser1P@ssUser1$
2SandboxUser2P@ssUser2$
3SandboxUser3P@ssUser3$
4SandboxUser4P@ssUser4$
5SandboxUser5P@ssUser5$

Once credentials are verified, a consent page will be presented to the Citi customer to approve the scope requested by your app. After getting customer consent, the flow redirects to the provided redirect_uri and an authorization code will be sent back as a query component.

https://www.test.com/?code=AAJP_jIlIuuIqS-qj0ohfXLaOyhQK9y4bbyhEJWt39l5gWT-1XZmCHtESO2gcbLsPmLlERAAPj80IfLueI4WM8s_Ay1Gy8VtcwFUv8lQE4Svi9hOayu5kBP2OKLhvBwMwrZ_wz5SDHaKN96BdgScYmNEGww0IcV5gH4VBjeOPijN7CxdMRwc2H_w5RnpckbCtS4605BCp5FD0Qho4tYsfcmJ&state=12093

This authorization code is valid for a very short period of time and should be immediately exchanged for access token.

Query Parameters
response_type
string required
Value MUST be set to "code"
client_id
string required
Client ID generated during application registration.
scope
string required
The set of scopes required to make the API calls. Scope is case insensitive and multiple values can be passed using space delimiter.
countryCode
string required
Country code in 2 character ISO 3166 format (upper case)
businessCode
string required
The 3 character business code. Use GCB for consumer banking (upper case)
locale
string required
Locale identify a specific language and geographic region, it shoule follow [language[_territory]. eg - en_US, en_SG
state
string required
Opaque value to maintain the state between request and call back. This will be used to prevent cross-site request forgery.
redirect_uri
string required
Absolute uri for user-agent redirection.You should provide the uri used during client registration process.
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
200

Client Authentication
This operation returns no content.
302

The authorization response contains the authorization code needed to obtain an access token. Here are the parameters included in the response.
success response
field namefield typemandatorydescription
redirect_urilocationyesThis is the absolute uri provided in the request
codequeryyesThe authorization code
statequeryyesThe same value as sent by the client in the state parameter, if any

If an error occurs during authorization, two situations can occur. The first is, that the client is not authenticated or recognized. For instance, a wrong redirect URI was sent in the request. In that case the authorization server must not redirect the resource owner to the redirect URI. Instead it should inform the resource owner of the error. The second situation is that client is authenticated correctly, but that something else failed. In that case the following error response is sent to the client, included in the redirect_uri
failure response
field namefield typemandatorydescription
redirect_urilocationyesThis is the absolute uri provided in the request
statequeryyesThe same value as sent by the client in the state parameter, if any
errorqueryyes
error_descriptionqueryno
error_uriqueryno

Here is the list of errors:
error
invalid_request
unauthorized_client
unsupported_response_type
invalid_scope
access_denied
This operation returns no content.
500

server_error
This operation returns no content.
503

temporarily_unavailable
This operation returns no content.

Authorization code grant: Retrieve access token

post /authCode/oauth2/token/us/gcb
Description

Get an access token issued by calling our token endpoint and passing the authorization code from the previous call. The issued access token will have an expiry, and it will be valid only for the scope for which the consent has been provided by the customer. You can call the APIs by passing this token in Authorization header.
You also get a refresh token that can be used to get a new access token in case the original one expires.

Header Parameters
Authorization
string required
HTTP Basic authentication by passing base64 encoded value of the client id and client secret separated by colon (:).Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
Content-Type
string required
Value should always be application/x-www-form-urlencoded
FormData Parameters
grant_type
string required
Authentication grant type. Valid value is authorization_code
code
string required
The code from the response of GET /authCode/oauth2/authorize
redirect_uri
string required
Absolute uri for user-agent redirection. You should provide the uri passed in GET /authCode/oauth2/authorize request
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
200

The request has succeeded
Definitions
  • access_token
    • The access token value received after exchanging the authorization token. This field should be passed as Authorization header in API request calls
    • type : string
  • refresh_token
    • You can use this token to refresh an expired access_token.
    • type : string
  • scope
    • Set of scopes allowed by customer and separated by space
    • type : string
  • token_type
    • Type of the access token issued. This is bearer token for authorization_code grant type
    • type : string
  • expires_in
    • Validity of access token in seconds
    • type : number
Example Response for post /authCode/oauth2/token/us/gcb
{
    "access_token": "AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA",
    "refresh_token": "AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA",
    "scope": "\/dda\/customer \/dda\/accountlist \/dda\/account \/dda\/accountsdetails \/dda\/account\/transactions",
    "token_type": "bearer",
    "expires_in": 1800
}
400

error
invalid_request
invalid_grant
unsupported_grant_type
unauthorized_client
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /authCode/oauth2/token/us/gcb
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
401

error
invalid_client
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /authCode/oauth2/token/us/gcb
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
500

server_error
This operation returns no content.

Authorization code grant: Refresh access token

post /authCode/oauth2/refresh
Description

If your access token has expired and you still have a valid refresh token, you can exchange it for a new set of valid access and refresh tokens.

Header Parameters
Authorization
string required
HTTP Basic authentication by passing base64 encoded value of the client id and client secret separated by colon (:).Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
Content-Type
string required
Content type. Value is application/x-www-form-urlencoded
FormData Parameters
grant_type
string required
The grant type. Valid value is refresh_token.
refresh_token
string required
The refresh token issued to the client
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
200

The request has succeeded
Definitions
  • access_token
    • This field should be passed as Authorization header in API request calls
    • type : string
  • refresh_token
    • The refresh token value
    • type : string
  • scope
    • The list of scopes separated by space
    • type : string
  • token_type
    • The token type
    • type : string
  • expires_in
    • The access token expiry time (in seconds)
    • type : number
Example Response for post /authCode/oauth2/refresh
{
    "access_token": "AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA",
    "refresh_token": "AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA",
    "scope": "\/dda\/customer \/dda\/accountlist \/dda\/account \/dda\/accountsdetails \/dda\/account\/transactions",
    "token_type": "bearer",
    "expires_in": 1800
}
400

error
invalid_request
invalid_grant
unsupported_grant_type
unauthorized_client
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /authCode/oauth2/refresh
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
401

error
invalid_client
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /authCode/oauth2/refresh
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
500

server_error
This operation returns no content.

Authorization code grant: Revoke access

post /authCode/oauth2/revoke
Description

The revoke call will terminate the access granted by citi customer to your application.

Header Parameters
Authorization
string required
HTTP Basic authentication by passing base64 encoded value of the client id and client secret separated by colon (:).Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
Content-Type
string required
Content type. Value is application/x-www-form-urlencoded
FormData Parameters
token
string required
The token to be revoked
token_type_hint
string required
A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. Valid values are access_token, refresh_token
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
200

The request has succeeded
Definitions
  • status
    • The status of the token revocation request.
    • type : string
Example Response for post /authCode/oauth2/revoke
{
    "status": "success"
}
400

error
invalid_request
invalid_grant
unauthorized_client
unsupported_grant_type
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /authCode/oauth2/revoke
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
401

error
invalid_client
Definitions
  • error_description
    • Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
    • type : string
  • error
    • If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
    • type : string
    • enum : Array
  • error_uri
    • A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
    • type : string
  • required
    • error
Response Schema for post /authCode/oauth2/revoke
{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}
500

server_error
This operation returns no content.