Skip to main content
POST
/
oauth
/
revoke
curl -X POST 'https://api.resend.com/oauth/revoke' \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     -d 'client_id=550e8400-e29b-41d4-a716-446655440000&token=JcL7aYfE7S9h3L4qv0o2e1w8m6n5b3x9RkP2tD4uV6Q&token_type_hint=refresh_token'
HTTP/1.1 200 OK
RFC 7009 token revocation. Revoking a refresh token revokes the entire grant: every access and refresh token issued under it stops working. Access tokens can’t be revoked individually. Revoke the grant’s refresh token instead. Per RFC 7009, this endpoint always returns 200 with an empty body.

Body Parameters

token
string
required
The refresh token to revoke.
client_id
string
required
token_type_hint
string
Optional per RFC 7009. If set to "access_token", the request fails: access token revocation isn’t supported. Any other value (including "refresh_token") is accepted and ignored. Unknown hints don’t affect behavior.
curl -X POST 'https://api.resend.com/oauth/revoke' \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     -d 'client_id=550e8400-e29b-41d4-a716-446655440000&token=JcL7aYfE7S9h3L4qv0o2e1w8m6n5b3x9RkP2tD4uV6Q&token_type_hint=refresh_token'
HTTP/1.1 200 OK

Errors

StatuserrorWhen
400invalid_requesttoken or client_id is missing, or token_type_hint is "access_token".
401invalid_clientUnknown or disabled client_id.