Skip to main content

Revoke a JWT

POST 

/auth/revoke

Marks the provided JWT as revoked in the database. Once revoked, the token is rejected by all plugin endpoints that check for revocation (autologin, validate, refresh, etc.).

JWT delivery The JWT to revoke can be passed via:

  • JWT field in the request body
  • Authorization: Bearer <token> header (when enabled in plugin General Settings)

Requirements

  • Token revocation must be enabled in the plugin settings.
  • The JWT must be structurally valid (it does not need to be un-expired).
  • If "Authentication Requires Auth Code" is enabled, AUTH_KEY must be provided.

Request

Responses

Token revoked successfully.