tokens_revoked event

API tokens for your app were revoked.

---

{
    "token": "XXYYZZ",
    "team_id": "TXXXXXXXX",
    "api_app_id": "AXXXXXXXXX",
    "event": {
        "type": "tokens_revoked",
        "tokens": {
            "oauth": [
                "UXXXXXXXX"
            ],
            "bot": [
                "UXXXXXXXX"
            ]
        }
    },
    "type": "event_callback",
    "event_id": "EvXXXXXXXX",
    "event_time": 1234567890
}

When your app's API tokens are revoked, the tokens_revoked event is sent via the Events API to your app if it is subscribed.

The example above details the complete Events API payload, including the event wrapper. Use the team_id to identify the associated workspace.

The inner event's tokens field is a hash keyed with the types of revoked tokens. oauth tokens are user-based tokens negotiated with OAuth or app installation, typically beginning with xoxp-. bot tokens are also negotiated in that process, but belong specifically to any bot user contained in your app and begin with xoxb-. Each key contains an array of user IDs, not the actual token strings representing your revoked tokens. To use this event most effectively, store your tokens along side user IDs and team IDs.

Events API compatibility

Subscribe to this event via the Events API.

Events of this type will be wrapped in metadata when sent via the Events API.

As an app event, subscriptions require no specific OAuth permission scope.

Unavailable in the RTM API

This event type is compatible only with the Events API.