Identity
Revoke Tokens
Revoke all tokens for a user
POST
Revoke Tokens
Revoke all tokens for a user, including their MCP Identity Token and stored OAuth tokens.Request
Headers
Your MCP Rank API key
Body Parameters
Your user’s unique identifier
Response
Returns 200 OK on success.What Gets Revoked
When you call this endpoint:- MCP Identity Token (MIT) - Immediately invalidated
- Refresh token - Can no longer be used
- Stored OAuth tokens - Deleted from server (Google, etc.)
When to Revoke Tokens
- User logout - When a user signs out of your application
- Account disconnection - When a user wants to disconnect their Google account
- Security concerns - If you suspect token compromise
- User deletion - When removing a user from your system
Important Notes
Users can also revoke access from:
- The MCP Rank dashboard
- Their Google account settings (accounts.google.com/permissions)