Invalidate a token | Elasticsearch API documentation (v8)

application/json

BodyRequired

tokenstring
An access token. This parameter cannot be used if any of refresh_token, realm_name, or username are used.
refresh_tokenstring
A refresh token. This parameter cannot be used if any of refresh_token, realm_name, or username are used.
realm_namestring
usernamestring

Responses

200 application/json
Hide response attributes Show response attributes object
- error_countnumber Required
  The number of errors that were encountered when invalidating the tokens.
- error_detailsarray[object]
  Details about the errors. This field is not present in the response when error_count is 0.
  Hide error_details attributes Show error_details attributes object
  typestring Required
  The type of error
  reasonstring
  A human-readable explanation of the error, in English.
  stack_tracestring
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  caused_byobject
  root_causearray[object]
  suppressedarray[object]
- invalidated_tokensnumber Required
  The number of the tokens that were invalidated as part of this request.
- previously_invalidated_tokensnumber Required
  The number of tokens that were already invalidated.

DELETE /_security/oauth2/token

curl \
 --request DELETE 'http://api.example.com/_security/oauth2/token' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"token\" : \"dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==\"\n}"'

Request examples

Run `DELETE /_security/oauth2/token` to invalidate an access token.

{
  "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ=="
}

Run `DELETE /_security/oauth2/token` to invalidate a refresh token.

{
  "refresh_token" : "vLBPvmAB6KvwvJZr27cS"
}

Run `DELETE /_security/oauth2/token` to invalidate all access tokens and refresh tokens for the `saml1` realm.

{
  "realm_name" : "saml1"
}

Run `DELETE /_security/oauth2/token` to invalidate all access tokens and refresh tokens for the user `myuser` in all realms.

{
  "username" : "myuser"
}

Run `DELETE /_security/oauth2/token` to invalidate all access tokens and refresh tokens for the user `myuser` in the `saml1` realm.

{
  "username" : "myuser",
  "realm_name" : "saml1"
}

Response examples (200)

A partially successful response from `DELETE /_security/oauth2/token`. The response includes the number of the tokens that were invalidated, the number of errors that were encountered when invalidating the tokens, and details about these errors.

{
  "invalidated_tokens":9, 
  "previously_invalidated_tokens":15, 
  "error_count":2, 
  "error_details":[ 
    {
      "type":"exception",
      "reason":"Elasticsearch exception [type=exception, reason=foo]",
      "caused_by":{
        "type":"exception",
        "reason":"Elasticsearch exception [type=illegal_argument_exception, reason=bar]"
      }
    },
    {
      "type":"exception",
      "reason":"Elasticsearch exception [type=exception, reason=boo]",
      "caused_by":{
        "type":"exception",
        "reason":"Elasticsearch exception [type=illegal_argument_exception, reason=far]"
      }
    }
  ]
}