API tokens for your app were revoked.


Works with

Events API
    "token": "XXYYZZ",
    "team_id": "TXXXXXXXX",
    "api_app_id": "AXXXXXXXXX",
    "event": {
        "type": "tokens_revoked",
        "tokens": {
            "oauth": [
            "bot": [
    "type": "event_callback",
    "event_id": "EvXXXXXXXX",
    "event_time": 1234567890

When your app's API tokens are revoked, the tokens_revoked event is sent via the Events API to your app if it is subscribed.

The example above details the complete Events API payload, including the event wrapper. Use the team_id to identify the associated workspace.

The inner event's tokens field is a hash keyed with the types of revoked tokens. oauth tokens are user-based tokens negotiated with OAuth or app installation, typically beginning with xoxp-. bot tokens are also negotiated in that process, but belong specifically to any bot user contained in your app and begin with xoxb-. Each key contains an array of user IDs, not the actual token strings representing your revoked tokens. To use this event most effectively, store your tokens along side user IDs and team IDs.

When an event occurs, we will send an HTTP POST request to your Request URL. The outer payload is uniform across all Events API methods, and contains fields like team_id and event. Learn more