New Security Enhancements for Revoking Access Tokens

Jonathan LeBlanc
Sep 18, 2019 · 2 min read
Image for post
Image for post
Token Revocation API Documentation at

We’re happy to announce new enhancements around how you can manage the secure revocation of access tokens within Box. We are extending the capabilities of the /revoke endpoint to provide the ability to revoke both standard fully scoped access tokens (current functionality), as well as downscoped tokens (new functionality).

What are access tokens and what’s changing?

Up until this launch, the /revoke endpoint could only revoke fully scoped access tokens that don’t go through the downscoping process, but couldn’t revoke any tokens that had gone through the downscoping process. You now have the ability to revoke both.

What does this mean for you?

  • A user leaves you site or logs out instead of letting it expire on its own.
  • You’ve identified suspicious user actions and want to force an additional verification step for the user to ensure they are who they say they are.
  • You need to push new security enhancements to your site or service and want to force everyone off of existing tokens.

As always, your feedback on security and product needs powers how Box Platform is built and enhanced. If you have suggestions on new products, enhancements, or issues we’d love to hear what you think over at Box Pulse, which helps us to enable more transparent requests and build processes at Box.

Happy coding!

Box Developer Blog

News and stories for working with the Box APIs

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store