Token RevocationDeprecated
This section includes information around Stitch products and features that are now deprecated. Deprecated aspects of Stitch's plaform are no longer being supported or improved upon.
If you are currently using a deprecated Stitch product, please consider upgrading to one of our newer and equivalent offerings.
In the event a user requests to be removed from your system, we strongly recommend that you revoke all refresh and access tokens associated with that user before their data is deleted.
The next step entails revoking an API token using the https://secure.stitch.money/connect/revocation endpoint.
To revoke a token, make a POST request to the endpoint, with a content type of application/x-www-form-urlencoded
and
the following fields in the body:
Parameter | Description |
---|---|
client_id | This is a unique ID that will be issued to you by a Stitch engineer. It will be the same as the client_id used in previous steps |
token | The token you wish to revoke |
token_type_hint | For the purposes of revoking the token, should either be "access_token" or "refresh_token" |
client_secret | The value of your client_secret |
Revoking a Token Using cURL
This example bash script uses cURL to revoke a refresh token.
You'll need to replace the clientId
, token
, tokenType
and client_secret
with the appropriate values. This request
if correctly formed, will return an empty body with a 200 response code.
clientId='test-18fbd892-3b73-43c3-a854-c6f78c681349'
token='DH7-TaofOSCFlsQwZAeEfmap1eXPeH7nmeOMtDJhdOw'
tokenType='refresh_token'
clientSecret='<your client secret>'
curl -X POST \
https://secure.stitch.money/connect/revocation \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d "client_Id=$clientId&token=$token&token_type_hint=$tokenType&client_secret=$clientSecret"
Revoking a Token Using JavaScript and the Fetch API
The Javascript function below uses fetch
to retrieve the client access token. You'll need to pass in appropriate
values for clientId
, token
, tokenType
, and clientSecret
to the function revokeUserToken
async function revokeUserToken(clientId, token, tokenType, clientSecret) {
const body = {
client_id: clientId,
token: token,
token_type_hint: tokenType,
client_secret: clientSecret,
};
const bodyString = Object.entries(body)
.map(([k, v]) => `${k}=${encodeURIComponent(v)}`)
.join("&");
const response = await fetch(
"https://secure.stitch.money/connect/revocation",
{
method: "post",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: bodyString,
},
);
const responseStatus = response.status;
console.log("Response Status Code: ", responseStatus);
return responseStatus;
}