# Invalidating token

If you wish to invalidate the token, you will need to call our API.  (see [Implementation page](https://docs.edgetag.io/api/getting-started/oauth-2.0/implementation) for URLs).

{% tabs %}
{% tab title="JavaScript" %}

```javascript
const accessToken = 'aYsxMIy3XguB9YORh2GzAL8E60MsVvXbG8IHxNFooSo'
const tokenUrl = 'http://api-sandbox.edgetag.io/v1/oauth-app/client/revoke'

const body = new URLSearchParams({
  token: accessToken,
  token_type_hint: 'access_token',
})

const response = await fetch(tokenUrl.toString(), {
  method: 'POST',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    Authorization: `Basic ${btoa(clientId + ':' + clientSecret)}`,
  },
  body
})
```

{% endtab %}

{% tab title="CURL" %}

```bash
curl --request POST \
  --url http://api-sandbox.edgetag.io/v1/oauth-app/client/revoke \
  --header 'Authorization: Basic ZDAyNzJjNDItN2VjYy00ODk5LWExYTctMDgwMWE4YTlkYTJmOmQwMjcyYzQyLTdlY2MtNDg5OS1hMWE3LTA4MDFhOGE5ZGEyZg==' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data token=aYsxMIy3XguB9YORh2GzAL8E60MsVvXbG8IHxNFooSo \
  --data token_type_hint=access_token
```

{% endtab %}
{% endtabs %}

For the access token, use the latest valid access token for that user. This will immediately invalidate users' access.