> ## Documentation Index
> Fetch the complete documentation index at: https://docs.profy.cn/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoke Token

> Supports both application/json and application/x-www-form-urlencoded. Revokes the given refresh token; if the token is already invalid, still returns 200.

Revoke a refresh token, making it immediately invalid. Follows [RFC 7009](https://datatracker.ietf.org/doc/html/rfc7009).

```bash theme={null}
curl --request POST \
  --url https://app.profy.cn/oauth/revoke \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "refresh-token-to-revoke",
    "client_id": "your-app-uuid",
    "client_secret": "your-app-secret"
  }'
```

<Note>
  Returns 200 even if the token is already expired or invalid.
</Note>


## OpenAPI

````yaml POST /oauth/revoke
openapi: 3.0.0
info:
  title: Profy App API
  version: 1.0.0
  description: OAuth 2.0 and Events API for Profy App integrations.
servers:
  - url: https://app.profy.cn
    description: Production
security: []
paths:
  /oauth/revoke:
    post:
      tags:
        - OAuth
      summary: Revoke a refresh token (RFC 7009)
      description: >-
        Supports both application/json and application/x-www-form-urlencoded.
        Revokes the given refresh token; if the token is already invalid, still
        returns 200.
      operationId: postOAuthRevoke
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                token:
                  type: string
                  description: The refresh token to revoke
                client_id:
                  type: string
                  description: Your application UUID
                client_secret:
                  type: string
                  description: Your application secret (plaintext)
              required:
                - token
                - client_id
                - client_secret
          application/x-www-form-urlencoded:
            schema:
              type: object
              properties:
                token:
                  type: string
                client_id:
                  type: string
                client_secret:
                  type: string
              required:
                - token
                - client_id
                - client_secret
      responses:
        '200':
          description: Token revoked (or already invalid)
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: number
                    example: 0
                  message:
                    type: string
                    example: ok
                  data:
                    nullable: true
                required:
                  - code
        '400':
          description: Missing required fields
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: number
                    example: 0
                  message:
                    type: string
                    example: ok
                  data:
                    nullable: true
                required:
                  - code

````