Revoke Token by ID - OpenTrain AI

curl -sS -X DELETE https://app.opentrain.ai/api/public/v1/tokens/<TOKEN_ID> \
  -H "Authorization: Bearer $OT_API_TOKEN"

{
  "token": {
    "id": "<TOKEN_ID>",
    "name": "Old CI token",
    "preview": "ot_pat_91ab********77e2",
    "scopes": ["jobs:read"],
    "status": "revoked",
    "organizationId": null,
    "createdAt": "2026-05-27T18:30:46.565Z",
    "lastUsedAt": "2026-06-01T09:15:00.000Z",
    "expiresAt": null,
    "revokedAt": "2026-06-12T10:00:00.000Z"
  }
}

DELETE

api

public

tokens

{tokenId}

curl -sS -X DELETE https://app.opentrain.ai/api/public/v1/tokens/<TOKEN_ID> \
  -H "Authorization: Bearer $OT_API_TOKEN"

{
  "token": {
    "id": "<TOKEN_ID>",
    "name": "Old CI token",
    "preview": "ot_pat_91ab********77e2",
    "scopes": ["jobs:read"],
    "status": "revoked",
    "organizationId": null,
    "createdAt": "2026-05-27T18:30:46.565Z",
    "lastUsedAt": "2026-06-01T09:15:00.000Z",
    "expiresAt": null,
    "revokedAt": "2026-06-12T10:00:00.000Z"
  }
}

Revokes one personal API token by ID. The token stops authenticating immediately and revocation is irreversible — to restore access, create a new token. Find the tokenId via GET /tokens.

Revoking the token you are currently authenticating with breaks every subsequent call you make with it — revoke your own token only as the final step of a rotation.

Tokens belonging to another account return 404 — the API never confirms the existence of a token the caller does not own. To revoke by presenting the token itself instead of its ID (RFC 7009), use POST /api/agent/identity/revoke. Requirements: any valid token — token management needs no specific scope or feature flag, and works pre-claim.

Request

tokenId

string

required

The token ID (not the ot_pat_ secret) from GET /tokens.

Response

token

object

The revoked token record — same shape as the entries in GET /tokens, now with status: "revoked" and revokedAt set.

Errors

Status	`code`	Meaning
`401`	`UNAUTHORIZED`	Missing or invalid token
`404`	`NOT_FOUND`	No such token, or it belongs to another account (`details: {tokenId}`)

curl -sS -X DELETE https://app.opentrain.ai/api/public/v1/tokens/<TOKEN_ID> \
  -H "Authorization: Bearer $OT_API_TOKEN"

{
  "token": {
    "id": "<TOKEN_ID>",
    "name": "Old CI token",
    "preview": "ot_pat_91ab********77e2",
    "scopes": ["jobs:read"],
    "status": "revoked",
    "organizationId": null,
    "createdAt": "2026-05-27T18:30:46.565Z",
    "lastUsedAt": "2026-06-01T09:15:00.000Z",
    "expiresAt": null,
    "revokedAt": "2026-06-12T10:00:00.000Z"
  }
}

Create Token

CLI Overview

⌘I

​Request

​Response

​Errors

Request

Response

Errors