> ## Documentation Index
> Fetch the complete documentation index at: https://docs.profy.cn/llms.txt
> Use this file to discover all available pages before exploring further.

# 撤销 Token

> Supports both application/json and application/x-www-form-urlencoded. Revokes the given refresh token; if the token is already invalid, still returns 200.

撤销一个 refresh token，使其立即失效。遵循 [RFC 7009](https://datatracker.ietf.org/doc/html/rfc7009)。

```bash theme={null}
curl --request POST \
  --url https://app.profy.cn/oauth/revoke \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "要撤销的 refresh_token",
    "client_id": "你的应用 UUID",
    "client_secret": "你的应用密钥"
  }'
```

<Note>
  即使 token 已过期或无效，接口也会返回 200，不会报错。
</Note>


## OpenAPI

````yaml POST /oauth/revoke
openapi: 3.0.0
info:
  title: Profy App API
  version: 1.0.0
  description: OAuth 2.0 and Events API for Profy App integrations.
servers:
  - url: https://app.profy.cn
    description: Production
security: []
paths:
  /oauth/revoke:
    post:
      tags:
        - OAuth
      summary: Revoke a refresh token (RFC 7009)
      description: >-
        Supports both application/json and application/x-www-form-urlencoded.
        Revokes the given refresh token; if the token is already invalid, still
        returns 200.
      operationId: postOAuthRevoke
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                token:
                  type: string
                  description: The refresh token to revoke
                client_id:
                  type: string
                  description: Your application UUID
                client_secret:
                  type: string
                  description: Your application secret (plaintext)
              required:
                - token
                - client_id
                - client_secret
          application/x-www-form-urlencoded:
            schema:
              type: object
              properties:
                token:
                  type: string
                client_id:
                  type: string
                client_secret:
                  type: string
              required:
                - token
                - client_id
                - client_secret
      responses:
        '200':
          description: Token revoked (or already invalid)
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: number
                    example: 0
                  message:
                    type: string
                    example: ok
                  data:
                    nullable: true
                required:
                  - code
        '400':
          description: Missing required fields
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: number
                    example: 0
                  message:
                    type: string
                    example: ok
                  data:
                    nullable: true
                required:
                  - code

````