Since users granted your application access to their data via a process in your application, it's nice to also provide them a way to revoke access if needed. You'll find this comes in handy for testing, too.
In our experience, most integrations call this Disconnect my Fullscript account to be a natural opposite from Connect to Fullscript or Connect my Fullscript account.
Practitioners and staff members can also revoke your app's access through the Fullscript Web App.
To revoke an access token use the api/oauth/revoke endpoint.
The token doesn't need to be refreshed prior to revoking it, and you don't need to provide a bearer token for this call.
(Remember to specify the same sandbox or production server used when creating the token.)
For example, a test query for an app targeting our US servers uses this endpoint:
POST https://api-us-snd.fullscript.io/api/oauth/revoke
To revoke a token, you need only provide your client_id, client_secret, and the token you want to revoke.
curl "https://api-us-snd.fullscript.io/api/oauth/revoke" \
-H 'Content-Type: application/json' \
-d $'{
"client_id": "83x92x21xx29x643xx9954x8x2xx651xxx87x66521x08x9x2x408x26x801x394",
"client_secret": "5305x72xxx6xx7xx4848xxxxx040x4xx4xx965xx566x662xxxxx6x7xxx5x730x",
"token": "xx7xxxxx7xxxx3xxxx5xxx9xx4xxxxxx1xxxx3x9xxx"
}'
This call returns an empty body.
200 OK
{
}