> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wizcommerce.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoke API Token

> Revoke the API token currently being used for authentication

## Overview

Revoke the API token currently being used for authentication. The token is identified by the `X-API-Key` header you send with the request. Once revoked, the token can no longer be used for authentication. This is useful for:

* Rotating tokens for security
* Removing compromised tokens
* Cleaning up unused tokens

## Important Notes

⚠️ **Warning**: Once a token is revoked, it cannot be restored. You'll need to create a new token if needed.

✅ **Best Practice**: Before revoking a token, ensure no active integrations are using it, or create a replacement token first.

⚠️ **Important**: This endpoint revokes the token you're currently using (the one in the `X-API-Key` header). You cannot revoke other tokens using this endpoint.

## Token Rotation Flow

1. Generate a new token via `POST /auth/token`
2. Update your application with the new token
3. Test the new token works
4. Revoke the old token via this endpoint using the old token's `X-API-Key` header


## OpenAPI

````yaml delete /auth/token
openapi: 3.0.0
info:
  description: Open API's for WizCommerce API's
  title: WizCommerce Open API's
  termsOfService: https://wizcommerce.com/terms/
  contact:
    name: Tech Support
    url: https://help.wizcommerce.com/
    email: tech@wizcommerce.com
  license:
    name: MIT
    url: https://opensource.org/licenses/MIT
  version: '1.0'
servers:
  - url: https://api.wizcommerce.com
    description: Production BaseURL
  - url: https://api-staging.sourcerer.tech
    description: Staging BaseURL
security: []
paths:
  /auth/token:
    delete:
      tags:
        - Authentication
      summary: Revoke API Token
      description: Revoke the API token currently being used for authentication
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/auth.RevokeTokenResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errors.HttpError'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errors.HttpError'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errors.HttpError'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    auth.RevokeTokenResponse:
      type: object
      properties:
        message:
          type: string
          x-order: '0'
          example: Token revoked successfully
    errors.HttpError:
      type: object
      properties:
        code:
          type: string
          x-order: '1'
        message:
          type: string
          x-order: '2'
        details:
          type: array
          items:
            $ref: '#/components/schemas/errors.HttpErrorDetails'
          x-order: '3'
    errors.HttpErrorDetails:
      type: object
      properties:
        field:
          type: string
          x-order: '1'
        reason:
          type: string
          x-order: '2'
  securitySchemes:
    ApiKeyAuth:
      description: API Key for authentication
      type: apiKey
      name: X-API-Key
      in: header

````