Revoke Authorization Token

Revoke an unverified Authorization Token. Once revoked, the code can no longer be verified. Tokens that have already been verified or expired cannot be revoked and will return status 412 Precondition Failed.

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Path parameters

idstringRequired

The unique id of the Authorization Token

Response

The token was revoked

idstringRead-only

The unique identifier for this object.

donor_account_idstringRead-only

The ID of the Donor Account this token is bound to.

statusenum

The status of a Donor Authorization Token.

pending: The token has been issued but not yet verified.
verified: The token has been verified and can no longer be used.
revoked: The token was explicitly revoked before being verified.
expired: The token’s expires_at has passed and it can no longer be verified.

Allowed values:

created_atstringRead-onlyformat: "date-time"

Time when the token was issued. Expressed in RFC 3339 format.

expires_atstringRead-onlyformat: "date-time"

Time at which this token will expire and can no longer be verified. Defaults to 30 days after creation; configurable via the expires_in parameter on Create Authorization Token.

codestringRead-only

The token’s secret code value.

The code is only returned in the response of Create Authorization Token. It is omitted from all other responses (Get, List). If the code is lost, revoke the token and create a new one.

The format is a 12-character alphanumeric string designed to be easy for donors to read aloud or copy. Codes are not case-sensitive when verified.

verified_atstringRead-onlyformat: "date-time"

Time at which the token was verified. Only set when status is verified.

revoked_atstringRead-onlyformat: "date-time"

Time at which the token was revoked. Only set when status is revoked.

metadatamap from strings to strings

A map of arbitrary string keys and values to store information about the object.

Errors

400

Bad Request Error

401

Unauthorized Error

403

Forbidden Error

404

Not Found Error

412

Precondition Failed Error

500

Internal Server Error

1	{
2	"id": "auth_token_01jpjenf5q6cawy43yxfcrxhct",
3	"donor_account_id": "donor_account_01jpjenf5q6cawy43yxfcrxhct",
4	"status": "pending",
5	"created_at": "2026-04-01T12:00:00Z",
6	"expires_at": "2026-05-01T12:00:00Z",
7	"code": "DAFP-7K3X-9M4Q",
8	"verified_at": "2026-04-02T18:30:00Z",
9	"revoked_at": "2026-04-02T18:30:00Z",
10	"metadata": {}
11	}

$	curl -X POST https://api.givechariot.com/v1/authorization_tokens/auth_token_01jpjenf5q6cawy43yxfcrxhct/revoke \
>	-H "Authorization: Bearer <token>"