Revoke an OAuth token

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • You might want to revoke an OAuth access or refresh token for security reasons.

    Before you begin

    Role required: oauth_admin

    About this task

    Revoking the token pertains to the situation where your instance acts as the OAuth resource server. You can revoke the token through a URL.

    Procedure

    Access your instance using oauth_revoke_token.do and append the access or refresh token.

    For example: https://[Your_ServiceNow_Instance]:[port]/oauth_revoke_token.do?token=[access or refresh token] without the brackets [ ].

    Result

    This endpoint access does not require authentication. The token in this request is marked as expired.