Revoke tokenSignature required
The revokeToken API is used by applications to revoke the access token of a specific account holder. After the revocation, the access token becomes invalid and cannot be used for authorization.
Note: Revoking the access token also revokes the refresh token.
Structure
A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:
Request parameters
token String REQUIRED
The value of the access token that is to be revoked.
More information about this field
- Maximum length: 128 characters
tokenType String REQUIRED
The token type. The valid value is:
ACCESS_TOKEN: indicates that the token type is access token.
More information about this field
- Maximum length: 128 characters
Response parameters
result Result object REQUIRED
The result of the API call, including the result status, result code and result message.
cancelTime DateTime CONDITIONAL
The time to revoke the access token.
Note: This parameter is returned on demand only when result.resultStatus =
S.
More information about this field
- The value follows the ISO 8601 standard format. For example, "2019-11-27T12:01:01+08:00".
Request
Response
Result processing logic
After calling the API, WorldFirst returns a response. The responses for result.resultStatus are:
Result status Description S This indicates the API call succeeded. F This indicates the API call failed. For more information on why the call failed, see result.resultCode. U This indicates the API call result is unknown. A partner can make a query when the returned status is If none of the queries is successful, contact WorldFirst Technical SupportUNKNOWN. Use the following query strategy:
Result/Error codes
| Code | Value | Message | Further action |
|---|---|---|---|
| SUCCESS | S | Success | |
| PROCESS_FAIL | F | A general business failure occurred. Do Not retry. | Human intervention is usually needed. It is recommended that you contact our Technical Support Team to resolve the issue. |
| PARAM_ILLEGAL | F | Illegal parameters exist. For example, a non-numeric input, or an invalid date. | Check and verify whether the request fields (e.g., requestId), including the header fields and body fields, are correct and valid. For details on the fields of each API, see the specific API Structure section. |
| INVALID_API | F | The called API is invalid or not active. | Check whether the correct API is being called. |
| INVALID_CLIENT | F | The client is invalid. | The client ID does not exist or is invalid. |
| INVALID_SIGNATURE | F | The signature is invalid. | Ensure the request is properly signed with a valid signature. |
| METHOD_NOT_SUPPORTED | F | The server does not implement the requested HTTP method. | Ensure the HTTP method is |
| UNKNOWN_EXCEPTION | U | The API call is failed, which is caused by unknown reasons. | The service might be down, retry later. If the issue persists, contact the WorldFirst Technical Support Team. |
| UN_SUPPORT_BUSINESS | F | Unsupported business. | Ensure that all the request parameters are correct and try to call the API again. |
| AUTHORIZATION_NOT_EXIST | F | The authorization does not exist. | Make sure that the input is correct. If the issue persists, contact our Technical Support Team to verify the authorization status. |
| ACCESS_TOKEN_EXPIRED | F | The access token is expired. | Call the refreshToken API to refresh the access token or contact the WorldFirst Technical Support Team. |