POST /api/{serviceId}/gm
Typescript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.grantManagement.processRequest({
    serviceId: "<id>",
    gMRequest: {
      accessToken: "eyJhbGciOiJFUzI1NiJ9.eyJleHAiOjE1NTk4MTE3NTAsImlzcyI6IjU3Mjk3NDA4ODY3In0K.csmdholMVcmjqHe59YWgLGNvm7I5Whp4phQCoGxyrlRGMnTgsfxtwyxBgMXQqEPD5q5k9FaEWNk37K8uAtSwrA",
      gmAction: "REVOKE",
      grantId: "57297408867",
    },
  });

  console.log(result);
}

run();
{
  "resultCode": "<string>",
  "resultMessage": "<string>",
  "action": "OK",
  "responseContent": "<string>",
  "dpopNonce": "<string>"
}

Authorizations

Authorization
string
header
required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId
string
required

A service ID.

Body

application/json

accessToken
string

An access token to introspect.

clientCertificate
string

Client certificate in PEM format, used to validate binding against access tokens using the TLS client certificate confirmation method.

dpop
string

DPoP header presented by the client during the request to the resource server.

The header contains a signed JWT which includes the public key that is paired with the private key used to sign the JWT. See OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for details.

htm
string

HTTP method of the request from the client to the protected resource endpoint. This field is used to validate the DPoP header.

See OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for details.

htu
string

URL of the protected resource endpoint. This field is used to validate the DPoP header.

See OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) for details.

gmAction
enum<string>

The grant management action of the device authorization request.

The grant_management_action request parameter is defined in Grant Management for OAuth 2.0.

Available options: CREATE, QUERY, REPLACE, REVOKE, MERGE

grantId
string

The value of the grant_id request parameter of the device authorization request.

The grant_id request parameter is defined in Grant Management for OAuth 2.0, which is supported by Authlete 2.3 and newer versions.

dpopNonceRequired
boolean

The flag indicating whether to require the DPoP proof JWT to include the nonce claim. Even if the service's dpopNonceRequired property is false, calling the /auth/gm API with this dpopNonceRequired parameter true will force the Authlete API to check whether the DPoP proof JWT includes the expected nonce value.

Response

Grant management completed successfully

resultCode
string

The code which represents the result of the API call.

resultMessage
string

A short message which explains the result of the API call.

action
enum<string>

The next action that the authorization server implementation should take.

Available options: OK, NO_CONTENT, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CALLER_ERROR, AUTHLETE_ERROR

responseContent
string

The content that the authorization server implementation is to return to the client application. Its format varies depending on the value of the action parameter.

dpopNonce
string

The expected nonce value for the DPoP proof JWT, which should be used as the value of the DPoP-Nonce HTTP header.
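
The following is an added example, not code from Authlete or its SDK: a sketch of how an authorization server's grant management endpoint could build the request body described above and turn the action, responseContent and dpopNonce fields of the response into an HTTP reply. The Incoming shape, the function names, the method-to-gmAction mapping (GET queries and DELETE revokes, as in Grant Management for OAuth 2.0), the status code chosen for each action value and the treatment of responseContent as a JSON body are all assumptions.

```typescript
// Added example. Field names (accessToken, dpop, htm, htu, gmAction, grantId,
// action, responseContent, dpopNonce) come from this page; the rest is assumed.
interface Incoming { method: string; url: string; grantId: string;
  headers: Record<string, string | undefined>; } // hypothetical; lower-cased header names
interface GmRequest { accessToken: string | undefined; dpop: string | undefined;
  htm: string; htu: string; gmAction: "QUERY" | "REVOKE"; grantId: string; }
interface GmResponse { action: string; responseContent?: string; dpopNonce?: string; }
interface HttpReply { status: number; headers: Record<string, string>; body?: string; }

// Assumption: GET queries a grant and DELETE revokes it. Any other method is
// rejected locally (null) and never forwarded to the /gm API.
function buildGmRequest(req: Incoming): GmRequest | null {
  const htm = req.method.toUpperCase();
  const gmAction = htm === "GET" ? "QUERY" : htm === "DELETE" ? "REVOKE" : null;
  if (gmAction === null) return null;
  // Accept only the Bearer and DPoP schemes. A missing or malformed token is
  // passed as undefined so the API, not this code, decides the error response.
  const m = /^(?:Bearer|DPoP) +([A-Za-z0-9._~+\/-]+=*)$/i.exec(req.headers["authorization"] ?? "");
  const htu = req.url.replace(/[?#].*$/, ""); // DPoP htu excludes query and fragment
  return { accessToken: m?.[1], dpop: req.headers["dpop"], htm, htu, gmAction, grantId: req.grantId };
}

// Assumed HTTP status for each documented action value.
const STATUS: Record<string, number> = { OK: 200, NO_CONTENT: 204, UNAUTHORIZED: 401,
  FORBIDDEN: 403, NOT_FOUND: 404, CALLER_ERROR: 500, AUTHLETE_ERROR: 500 };

function toHttpReply(gm: GmResponse): HttpReply {
  const headers: Record<string, string> = { "Cache-Control": "no-store" };
  // Relay the nonce on every outcome so the client can retry with a fresh proof.
  if (gm.dpopNonce) headers["DPoP-Nonce"] = gm.dpopNonce;
  const known = Object.prototype.hasOwnProperty.call(STATUS, gm.action);
  const status = known ? STATUS[gm.action] : undefined;
  // Fail closed: an action value this code does not know never becomes a success.
  if (status === undefined) return { status: 500, headers };
  if (status === 204 || !gm.responseContent) return { status, headers };
  headers["Content-Type"] = "application/json";
  return { status, headers, body: gm.responseContent };
}
```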