# revokeToken() Revokes an [M2M token](https://clerk.com/docs/guides/development/machine-auth/m2m-tokens.md). This endpoint can be authenticated by either a Machine Secret Key or by a Clerk Secret Key. - When revoking a M2M token with a Machine Secret Key, the token must be managed by the Machine associated with the Machine Secret Key. - When revoking a M2M token with a Clerk Secret Key, any token on the instance can be revoked. > Only opaque tokens can be revoked. JWT tokens are not stored by Clerk and therefore cannot be revoked. If you need revocation capability, use the default opaque token format when creating tokens. ```ts function revokeToken(params: RevokeM2MTokenParams): Promise ``` ## `RevokeM2MTokenParams` | Name | Type | Description | | ----------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------ | | machineSecretKey? | string | Custom machine secret key for authentication. If not provided, the SDK will use the value from the environment variable. | | m2mTokenId | string | The ID of the M2M token to revoke. | | revocationReason? | string | null | Optional reason for revocation. Useful for your records. | ## Example > Using `clerkClient` varies based on the SDK you're using. Refer to the [overview](https://clerk.com/docs/reference/backend/overview.md) for usage details, including guidance on [how to access the `userId` and other properties](https://clerk.com/docs/reference/backend/overview.md#example-get-the-user-id-and-other-properties). ```ts const response = await clerkClient.m2m.revokeToken({ m2mTokenId }) ``` ## Backend API (BAPI) endpoint This method in the SDK is a wrapper around the BAPI endpoint `POST/m2m_tokens/{m2m_token_id}/revoke`. See the [BAPI reference](https://clerk.com/docs/reference/backend-api/tag/m2m-tokens/POST/m2m_tokens/%7Bm2m_token_id%7D/revoke){{ target: '_blank' }} for more information. --- ## Sitemap [Overview of all docs pages](https://clerk.com/docs/llms.txt)