Authorizations
This is an admin API. As a partner admin revoking tokens for your customer users, you must be a Full Admin. As an admin in your own org revoking tokens for your home org, you must have one of the following roles: Full Admin, Device Admin, User Admin. Read-only admins are not supported.
Authorizations are user grants to applications to act on the user's behalf. Authorizations are how Integrations get authorized with specific access scopes in the OAuth client life-cycle. Integrations and some of the Webex service portals, like developer.webex.com, are all OAuth clients, each with its own unique clientId.
Your application receives an API access token and a refresh token through the OAuth process. The access token is used to call the Webex APIs for which the user authorized the scopes. Access tokens expire fairly frequently, while refresh tokens (when used regularly) are refreshed so that they last forever (see Using the Refresh Token for details).
In this API an authorization is synonymous with an API access token.
To provide admins with fine-grained token management control, you use the /authorizations API with the DELETE HTTP method to revoke access and refresh tokens.
Deleting a refresh token will revoke all associated access tokens as well. Deleting an access token will revoke the developer's ability to call the APIs with it. Webex subsystems may cache the validity of the token for a short while longer after the authorization was deleted.
Admins can revoke user authorizations for users in their organization. When an admin deletes their own token, the clientId used to authorize the request must match the clientId used to generate the token.
To use the authorizations API in an Integration, the scopes must include: identity:tokens_write, identity:tokens_read.
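The preconditions above (admin role, Integration scopes, and the clientId match when an admin deletes their own token) can be checked client-side before a DELETE is issued. The following is an added example, not Webex's own code; the base URL, the `/authorizations/{id}` path shape, the dict field names and the sample values are assumptions or constructed data.

```python
from urllib.request import Request

# Assumptions, not from this page: the base URL, the /authorizations/{id}
# path shape, the dict field names, and the role strings as written here.
API_BASE = "https://webexapis.com/v1"
REQUIRED_SCOPES = {"identity:tokens_write", "identity:tokens_read"}
OWN_ORG_ROLES = {"Full Admin", "Device Admin", "User Admin"}
PARTNER_ROLES = {"Full Admin"}  # partner admins acting on customer users


def preflight(caller, target):
    """Return the reasons a revocation would be refused (empty list = OK)."""
    problems = []
    allowed = PARTNER_ROLES if caller["partner"] else OWN_ORG_ROLES
    if not allowed & set(caller["roles"]):
        problems.append("role: need one of " + ", ".join(sorted(allowed)))
    missing = REQUIRED_SCOPES - set(caller["scopes"])
    if missing:
        problems.append("scopes missing: " + " ".join(sorted(missing)))
    # An admin deleting their own token must call through the same client
    # that generated it.
    if (target["personId"] == caller["personId"]
            and target["clientId"] != caller["clientId"]):
        problems.append("clientId mismatch on self-revocation")
    return problems


def build_revoke_request(caller, target):
    """Build, without sending, the DELETE request once the checks pass."""
    problems = preflight(caller, target)
    if problems:
        raise PermissionError("; ".join(problems))
    return Request(
        f"{API_BASE}/authorizations/{target['id']}",
        method="DELETE",
        headers={"Authorization": "Bearer " + caller["token"]},
    )


# Constructed sample data (not real identifiers or tokens).
ADMIN = {"personId": "P-admin", "partner": False, "roles": ["User Admin"],
         "scopes": ["identity:tokens_read", "identity:tokens_write"],
         "clientId": "C-admin-tool", "token": "CONSTRUCTED_TOKEN"}
USER_GRANT = {"id": "AUTH-1", "personId": "P-user", "clientId": "C-crm"}
OWN_GRANT = {"id": "AUTH-2", "personId": "P-admin", "clientId": "C-other"}

if __name__ == "__main__":
    print(build_revoke_request(ADMIN, USER_GRANT).full_url)
    print(preflight(ADMIN, OWN_GRANT))
```

The service remains the enforcement point; this check only surfaces a misconfigured role, scope set or client before the call is made.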