Code Cookbook

Revoke OAuth Token

Respect user privacy by enabling them to revoke unwanted OAuth tokens.

Server Side
Client Side
Languages Supported

Users should be able to revoke access to their accounts. To revoke an OAuth token, send a request to the Revoke Token endpoint.

Before you start

To use the example code as written, you will need:

Step 1: Add code to let users revoke access to their accounts

Create a PHP file called revoke_token.php and add code to let users to revoke access to their accounts. Make sure the revoke token page is in the same password-protected area as the main OAuth flow page.

<h2>Revoke Access to your Account</h2>
  Click the button below to close your account or revoke access to your Square

<form action="revoke_token.php" method="post">
  <input type="submit" id="submit" value="Revoke Access" />

Step 2: Add a function that revokes the OAuth token

Add a function (getAuthzCode) to call the OAuth API and revoke the access token.

// Revokes access token
function revokeToken($oauthToken) {

  // Create an OAuth API client
  $oauthApi = new SquareConnect\Api\OAuthApi($defaultApiClient);
  $body = new \SquareConnect\Model\RevokeTokenRequest();

  // Set the POST body

  try {
      $result = $oauthApi->revokeToken($body);
  } catch (Exception $e) {
      error_log 'Exception when calling OAuthApi->revokeToken: ' . $e->getMessage();
      throw new Exception("Error Processing Request: Token revocation failed!", 1);


If your request is successful, the Revoke Token will revoke the OAuth token and your code will print "Success!"

Contact Developer Support, join our Slack channel, or ask for help on Stack Overflow