Revoking API tokens

Both merchants and partners are able to revoke partner tokens. Should a partner no longer be working with a merchant and no longer require API access, it is recommended that their token for the merchant's store be revoked. Merchants and partners may also need to revoke tokens should a partner token become compromised (exposed to another party), or should a different expiry date for partner access renewal be desired.

Merchant revokes partner token

Merchants may revoke partner tokens using the API Settings Tool, located in the Real-Time Links section of Store Manager:

1. Sign in to your My Services page.

2. Click the Store link.

   

3. Go to Real-Time Links.
   
4. Go to API Settings.
   
5. In the API Settings section, select the partner token you wish to revoke, using the corresponding Select checkbox then click the Revoke Selected button.
   
6. You will be asked to confirm that you wish to revoke the selected token. Click the Revoke button.
   

Once a token is revoked, it may no longer be used to make API calls. If the partner whose token you have revoked has more than one valid (non-expired) token associated with your store (for example, their original token and the renewed token, and you've revoked the renewed token), and you no longer wish for the partner to have API access for your store, it is recommended that any additional valid tokens for the partner also be revoked.

 

Partner revokes partner token

Partners may revoke their partner tokens using the Manage Partner Tokens tool.

1. Log in to the Manage Partner Tokens tool.
2. In the Active Tokens tab, select the token you wish to revoke using the corresponding Select checkbox.
3. Click the Revoke Selected button.
4. You will be asked to confirm that you wish to revoke the selected token. Click the Revoke Token(s) button.