Documentation

OAuth 2.0

Revoking Tokens

Revoking a refresh token changes the authorization state to revoked for the client and alias associated with a refresh token. A revoked refresh token will no longer grant new access tokens.

The client sends a POST request to https://www.pandora.com/oauth/v1/revoke with the content type application/x-www-form-urlencoded and the values.

Parameter Description Type Example Required
token The refresh token to revoke string "eyJ6aXAiOiJERUYiLC
JraWQiOiJlbmMxNTEy
NDE0ODM5IiwiY3R5Ij
VZ0-bT-PbDSehO_4Cn
Ty3fRXbiuQFKCI5Zau
ccidVCRN-dFGwHPLKH
IUQyud0.if2rmJFUJk
UDrFvbl44_vw"		 Yes

Additionally, the client should include a basic authentication header that looks like the following:

Authorization: Basic Base64Encode(client_id:client_secret)

A 200 status code will be returned regardless of whether any tokens were revoked or not.