Authorizations are user grants to applications to act on the user's behalf. Authorizations are how Integrations get authorized with specific access scopes in the oAuth client life-cycle. Integrations and some of the Webex service portals, like developer.webex.com, are all oAuth clients, each with their unique clientId.

Your application receives an API access token and a refresh token through the oAuth process. The access token is used to call Webex APIs for which the user authorized the scopes. Access tokens expire reasonably frequently, while refresh tokens (when being regularly used) will be refreshed to last forever (see Using the Refresh Token for details).

In this API an authorization is synonymous with an API access token.

To provide admins with fine-grained token management control, you use the /authorizations API with the DELETE HTTP method to revoke access and refresh tokens.

Deleting a refresh token will revoke all associated access tokens as well. Deleting an access token will revoke the developer's ability to call the APIs with it. Webex subsystems may cache the token's validity briefly after the authorization is deleted.

Admins can revoke user authorizations for users in their organization. When an admin deletes their own token, the clientId used to authorize the request must match the clientId used to generate the token.

To use the authorizations API in an Integration the scopes must include: identity:tokens_write, identity:tokens_read.