> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flexslot.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth 2.0 Token Revocation (RFC 7009)

> Invalidates a token (access or refresh) previously issued by this server. Always returns HTTP 200 with an empty body — unknown / other-client / already-revoked tokens are silently accepted to avoid leaking existence.



## OpenAPI

````yaml /openapi.json post /api/public/v1/oauth/revoke
openapi: 3.0.3
info:
  title: Flexslot API
  version: 1.0.0
  description: API documentation for Flexslot decks application
servers:
  - url: https://api.flexslot.gg
    description: Production
  - url: https://api-dev.flexslot.gg
    description: Development
security: []
paths:
  /api/public/v1/oauth/revoke:
    post:
      tags:
        - OAuth2
      summary: OAuth 2.0 Token Revocation (RFC 7009)
      description: >-
        Invalidates a token (access or refresh) previously issued by this
        server. Always returns HTTP 200 with an empty body — unknown /
        other-client / already-revoked tokens are silently accepted to avoid
        leaking existence.
      operationId: oauth2_revoke
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/OAuth2RevokeRequestRequest'
        required: true
      responses:
        '200':
          description: Revocation accepted. Empty body.
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth2RevokeError400'
          description: RFC 6749 §5.2 error envelope.
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth2RevokeError401'
          description: RFC 6749 §5.2 invalid_client error.
      security:
        - {}
components:
  schemas:
    OAuth2RevokeRequestRequest:
      type: object
      properties:
        token:
          type: string
          minLength: 1
          description: The token to revoke.
        token_type_hint:
          type: string
          minLength: 1
          description: 'Optional advisory hint: ''access_token'' or ''refresh_token''.'
        client_id:
          type: string
          minLength: 1
        client_secret:
          type: string
          minLength: 1
      required:
        - token
    OAuth2RevokeError400:
      type: object
      properties:
        error:
          type: string
        error_description:
          type: string
      required:
        - error
        - error_description
    OAuth2RevokeError401:
      type: object
      properties:
        error:
          type: string
        error_description:
          type: string
      required:
        - error
        - error_description

````