/v2/authorizations/revoke
POST /v2/authorizations/revoke
The revoke
Ā API is used to cancel an access token at wallets.
Message structure
A message consists of a header and body. The following sections are focused on the body structure. For the header structure, seeļ¼
Request
Property | Data type | Required | Description | Example |
accessToken | StringĀ | Yes | An access token that can be used to access the user resource scope. Max. length: 128 characters. | "281010033AB2F588D14B43238637264FCA5AAF35xxxx" |
authClientIdĀ | StringĀ | No | The unique identifier allocated for a client. Max. length: 128 characters. | "202016726873874774774xxxx" |
extendInfo | String | No | TheĀ extended information that wallets and merchants want to describe. Max. length: 4096 characters. | copy
|
Response
Property | Data type | Required | Description | Example |
result | Yes | The request result, which contains information related to the request result, such as status and error codes. | { "resultCode":"SUCCESS", "resultStatus":"S", "resultMessage":"success" } | |
extendInfo | String | No | TheĀ extended information that wallets and merchants want to describe. Max. length: 4096 characters. | copy
|
Result process logic
In the response, the result.resultStatus
field indicates the result of processing a request as follow:
resultStatus | DescriptionĀ |
S | The authorization is canceled successfully. AuthClient cannot use the AccessToken to access user's resources, and may not use the relative refreshToken to retrieve new AccessToken. The corresponding |
U | The API statusĀ is unknown.Ā It means thatĀ authorization is failed toĀ cancel, and AuthClient may guide the user to try again.Ā The corresponding For details, see the Common error codes section. |
F | It means that authorization is failed toĀ cancel, and AuthClient may guide the user to try again.Ā The corresponding |
Error codes
Error codes are usually classified into the following categories:
- Common error codes are common for all Mini Program OpenAPIs. Ā
- API-specific error codes are listed in the following table.
resultStatus | resultCode | resultMessage | Further Action |
F | INVALID_AUTH_CLIENT_STATUS | Invalid auth client status. | |
F | INVALID_ACCESS_TOKEN | The access token is invalid. | |
F | INVALID_AUTH_CLIENT | The auth client id is invalid.Ā | |
F | EXPIRED_ACCESS_TOKEN | The access token is expired. | |
F | EXPIRED_AGENT_TOKEN | The access token of mini program is expired. | |
F | INVALID_AGENT_TOKEN | The access token of mini program is invalid. |
Sample
You can cancel the authorization. After cancellation, the refreshToken cannot be used even if it is valid.
When users cancel an access token from the mini program,
- The merchant server calls the
revoke
Ā interface to cancel an access token (Step 2). - And the wallet server returns the token cancellation result to the merchant server (Step 3).
Request
{
"accessToken": "281010033AB2F588D14B43238637264FCA5AAF35xxxx",
"authClientId": "202016726873874774774xxxx"
}
Response
{
"result": {
"resultCode":"SUCCESS",
"resultStatus":"S",
"resultMessage":"success"
}
}