GET Revoke/Token

Revokes the caller's Token Auth grant and blocks the ability to make Web SDK calls. This method also invalidates the refresh token. To get another grant, call an Authorize method, such as POST Authorize/OAuth.


  • Permissions: The caller must have Access permission to the REST API. For more information, see Confirming service status.
  • Token scope:  Configuration:Manage


  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.


None. However, in the request URL, specify vedauth. For example, GET https://tpp.venafi.example/vedauth/Revoke/token.


Returns HTTP 200 and a message regarding revoked scopes and privileges. If the token in the header is missing, Revoke/Token returns HTTP 202 and [token] not found.

Example: Revoke the caller's access token


GET https://tpp.venafi.example/vedauth/Revoke/token
Authorization:Bearer 4MyGeneratedBearerTknz==


HTTP/1.1 200 OK 
Grant for identity [caller identity] with scope [scopes and privileges] has been revoked