/v2/authorizations/revoke

POST /v2/authorizations/revoke

With this API call, a merchant can cancel the access token that is obtained from the response of the /v2/authorizations/applyToken API.

Note: After cancellation, the refresh token cannot be used even if it is valid.

Structure

A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:

Request parameters

Field: appId
Data type: String
Required: Yes
Description: Indicates the unique ID assigned by Mini Program Platform to identify a mini program.

  • Maximum length: 32 characters
  • Characters not allowed: special characters such as @ # ?

Note: Obtain this field via the my.getAppIdSync JSAPI or Mini Program Platform.

Example: "3333010071465913xxx"

Field: accessToken
Data type: String
Required: Yes
Description: The access token is used to access user information. For the specific information that can be accessed, see the my.getAuthCode JSAPI.

  • Maximum length: 128 characters
  • Characters not allowed: special characters such as @ # ?

Note: Obtain this field via the /v2/authorizations/applyToken API.

Example: "281010033AB2F588D14B43238637264FCA5AAF35xxxx"

Field: authClientId
Data type: String
Required: Yes
Description: Indicates the unique ID assigned by the super app to identify an authorized merchant.

  • Maximum length: 128 characters
  • Characters not allowed: special characters such as @ # ? .

Example: "202016726873874774774xxxx"

Field: extendInfo
Data type: String
Required: No
Description: Indicates the extended information about this API.

  • Maximum length: 4096 characters
  • Characters not allowed: special characters such as @ # ?
  • Can be Null.

Example:

{
    "memo": "memo"
}

Response parameters

Field: result
Data type: Result
Required: Yes
Description: Indicates the request result such as status and error codes.

Example:

{
  "resultCode": "SUCCESS",
  "resultStatus": "S",
  "resultMessage": "success"
}

Field: extendInfo
Data type: String
Required: No
Description: Indicates the extended information about this API.

  • Maximum length: 4096 characters
  • Characters not allowed: special characters such as @ # ?
  • Can be Null.

Example:

{
    "memo": "memo"
}

Result process logic

In the response, the result.resultStatus field indicates the result of processing a request. The following table describes each result status:

Result status: S
Description: The authorization is canceled successfully.

This means that authorized merchants can neither use the access token to access user data nor use the refresh token to obtain a new access token.

The corresponding result.resultCode is SUCCESS and the result.resultMessage is SUCCESS.

Result status: U
Description: The status of the authorization cancellation is unknown.

The corresponding result.resultCode is UNKNOWN_EXCEPTION and result.resultMessage is "An API calling is failed, which is caused by unknown reasons.".

For details, see the Common error codes section.

Result status: F
Description: The cancellation of the authorization failed. The authorized merchant may guide the user to try again.

The corresponding result.resultCode and result.resultMessage vary by situation. For details, see the following Error codes section.

Error codes

Error codes are usually classified into the following categories:

  • Common error codes are common for all Mini Program OpenAPIs in V2.  
  • API-specific error codes are listed in the following table.

Error code: INVALID_AUTH_CLIENT_STATUS
Result status: F
Error message: The merchant status is invalid.
Further action: Contact technical support to troubleshoot the issue.

Error code: INVALID_AUTH_CLIENT
Result status: F
Error message: Either the authorized merchant does not exist or the merchant does not onboard to the native app.
Further action: Use a valid authClientId assigned by the super app.

Error code: INVALID_ACCESS_TOKEN
Result status: F
Error message: The access token is invalid.
Further action: Obtain a new access token with the refresh token via the /v2/authorizations/applyToken API and then request to cancel the access token again.

Error code: EXPIRED_ACCESS_TOKEN
Result status: F
Error message: The access token is expired.
Further action: Obtain a new access token with the refresh token via the /v2/authorizations/applyToken API and then request to cancel the access token again.

Samples

The data flow to cancel an access token is as follows:

  1. When the user wants to cancel the authorization, the mini program sends the cancellation request to the merchant server.
  2. The merchant server calls this API to request the super app to cancel the access token.
  3. Then the super app server processes the request and returns the cancellation result to the merchant server.
  4. The merchant server returns the cancellation result to the mini program. Then the user successfully cancels the authorization.

Request

{
  "appId": "3333010071465913xxx",
  "accessToken": "281010033AB2F588D14B43238637264FCA5AAF35xxxx",
  "authClientId": "202016726873874774774xxxx"
}

The mini program (3333010071465913xxx) sends a cancellation request to the merchant (202016726873874774774xxxx) to cancel the access token (281010033AB2F588D14B43238637264FCA5AAF35xxxx).

Response

{
 "result": {
    "resultCode":"SUCCESS",
    "resultStatus":"S",
    "resultMessage":"success"
  }
}

result.resultStatus is S, which means the request to cancel the access token is successful.
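
The following is an added example, not part of the platform's documentation or SDK, showing how a merchant server could enforce the request field limits and apply the result process logic and error codes described above. The function names and action labels are hypothetical, the forbidden-character set is assumed to be only the three characters the page names, and message signing and transport are left out because the header structure is not covered here.

```python
import json

# Documented maximum lengths for the /v2/authorizations/revoke request fields.
MAX_LEN = {"appId": 32, "accessToken": 128, "authClientId": 128, "extendInfo": 4096}
REQUIRED = ("appId", "accessToken", "authClientId")
# Assumption: the page says "special characters such as @ # ?" without giving
# the full set, so only those three named characters are rejected here.
FORBIDDEN = set("@#?")
# Further action per API-specific error code (action labels are hypothetical).
F_ACTIONS = {
    "INVALID_AUTH_CLIENT_STATUS": "contact_support",
    "INVALID_AUTH_CLIENT": "fix_auth_client_id",
    "INVALID_ACCESS_TOKEN": "refresh_then_retry",
    "EXPIRED_ACCESS_TOKEN": "refresh_then_retry",
}


def build_revoke_body(app_id, access_token, auth_client_id, extend_info=None):
    """Check the fields against the documented limits and return the JSON body."""
    fields = {"appId": app_id, "accessToken": access_token,
              "authClientId": auth_client_id, "extendInfo": extend_info}
    body = {}
    for name, value in fields.items():
        if value is None and name not in REQUIRED:
            continue  # extendInfo is optional and may be null
        if not isinstance(value, str) or not value:
            raise ValueError(f"{name}: non-empty string required")
        if len(value) > MAX_LEN[name]:
            raise ValueError(f"{name}: longer than {MAX_LEN[name]} characters")
        if FORBIDDEN & set(value):
            raise ValueError(f"{name}: contains a disallowed character")
        body[name] = value  # error messages name the field, never the token value
    return json.dumps(body)


def next_action(response_text):
    """Map a revoke response to the merchant server's next step."""
    try:
        result = json.loads(response_text)["result"]
        status, code = result["resultStatus"], result["resultCode"]
    except (ValueError, KeyError, TypeError):
        return "retry_later"  # unreadable reply: treat like U, token may still be live
    if status == "S":
        return "purge_tokens"  # drop the stored access token and refresh token
    if status == "F":
        return F_ACTIONS.get(code, "ask_user_retry")
    return "retry_later"  # U or unexpected status: never assume the token is revoked
```

On retry_later, keep the stored tokens flagged as pending revocation rather than reporting success to the mini program.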

Related links

my.getAuthCode

my.getAppIdSync

/v2/authorizations/applyToken