This document guides you through the steps needed to invalidate a token and stop its access to the e-satisfaction API.
Invalidate a token
As we mentioned in a previous article about Creating a new Token, an existing token cannot be altered to limit the scope actions that it contains. If you wish to limit the scope actions or completely invalidate a token, you can do so in one of the following ways:
- Set an expiration time
- Delete the token
Set an expiration time
Although JSON Web Tokens (JWT) are designed to be standalone, we keep a record of all the tokens that the API accepts, so that users can invalidate a token at any given time.
For this reason, each token is stored along with an expiration time in our databases. So, if you need to invalidate a token (usually in the next few days), simply add an expiration time and let the token expire on its own.
This method is suitable for tokens that you have provided to other services, where you do not have complete control over their usage and, most importantly, cannot change the token on demand.
Delete the token
The "most brutal" way to invalidate a token is simply to delete it. Deleting the token takes effect immediately, and all API calls made with it from that moment on will be rejected with a 403 - Forbidden code.
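The server-side record that both methods depend on can be sketched as follows. This is an added example, not e-satisfaction's code: the HS256 signing, the registry keyed by the token's SHA-256 hash, and all names (`TokenRegistry`, `issue`, `authorize`) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed key; HS256 is an assumption

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(claims: dict) -> str:
    """Build a compact HS256 JWT carrying the given claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def signature_ok(token: str) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    want = _sign(parts[0] + "." + parts[1])
    return hmac.compare_digest(want.encode(), parts[2].encode())

class TokenRegistry:
    """Record of accepted tokens: sha256(token) -> expiry (epoch s) or None."""
    def __init__(self):
        self._rows = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, token, expires_at=None):
        self._rows[self._key(token)] = expires_at

    def set_expiration(self, token, expires_at):
        self._rows[self._key(token)]      # KeyError: never resurrect a deleted token
        self._rows[self._key(token)] = expires_at

    def delete(self, token):
        self._rows.pop(self._key(token), None)

    def authorize(self, token, now=None):
        """A valid signature alone is not enough: the stored record decides."""
        now = time.time() if now is None else now
        if not signature_ok(token):
            return False, "bad signature"
        if self._key(token) not in self._rows:
            return False, "unknown or deleted"   # the page's 403 - Forbidden case
        exp = self._rows[self._key(token)]
        if exp is not None and now >= exp:
            return False, "expired"
        return True, "ok"
```

A token whose signature still verifies is rejected as soon as its record expires or is removed, which is why invalidation works without reissuing anything to the service that holds the token.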