Portal Community
Irreversible action: Revoking an access token permanently invalidates it. The associated user's automated workflows will stop functioning immediately. All stored credentials for this token must be deleted from BizFirst Credentials Manager after successful revocation.

When to Use

Configuration

Operation

FieldRequiredDescription
resourceRequiredMust be auth.
operationRequiredMust be revoke-token.
accessTokenRequiredThe long-lived access token to revoke. Retrieve from BizFirst Credentials Manager. This token will be permanently invalidated.
Delete from Credentials Manager: After successful revocation, the next node in your workflow must delete the stored credential from BizFirst Credentials Manager. Leaving an invalidated token stored is a data hygiene problem and will cause all subsequent workflows using that credential to fail with authentication errors.

Sample Configuration JSON

{
  "resource": "auth",
  "operation": "revoke-token",
  "accessToken": "{{ $credential.instagram.accessToken }}"
}

Validation Errors

ErrorCause
accessToken is requiredaccessToken field is missing or empty.
Graph API error 190Token is already expired or was previously revoked.
Graph API error 200Token does not have the permissions required for revocation.

Output

Success Port

FieldTypeDescription
statusstring"success"
idstringInstagram user ID associated with the revoked token.
usernamestringInstagram username of the account that was disconnected.
accountTypestringAccount type — "BUSINESS", "MEDIA_CREATOR", or "PERSONAL".
payloadstringRaw JSON response from the Graph API confirming identity before revocation.

Error Port

FieldTypeDescription
statusstring"error"
errorCodestringGraph API error code.
errorMessagestringError description.
payloadstringRaw error response.

Sample Output JSON

{
  "status": "success",
  "id": "17841400000000000",
  "username": "yourbrand",
  "accountType": "BUSINESS",
  "payload": "{\"id\":\"17841400000000000\",\"username\":\"yourbrand\",\"account_type\":\"BUSINESS\"}"
}

Expression Reference

ExpressionValue
{{ $output.instagram.id }}Instagram user ID of the disconnected account
{{ $output.instagram.username }}Username of the disconnected account
{{ $output.instagram.accountType }}Account type string

Node Policies & GuardRails

Examples

User-initiated account disconnection

{
  "resource": "auth",
  "operation": "revoke-token",
  "accessToken": "{{ $credential.instagram.accessToken }}"
}
// On success:
// 1. Delete credential from BizFirst Credentials Manager
// 2. Disable all scheduled workflows for this user's Instagram account
// 3. Log revocation audit event with id + username
// 4. Send disconnection confirmation email to user

Offboarding workflow — revoke all tenant tokens

// Iterating over all Instagram credentials for the offboarded tenant
{
  "resource": "auth",
  "operation": "revoke-token",
  "accessToken": "{{ $loop.current.accessToken }}"
}
// On success or error 190: delete credential record
// Continue loop regardless of revocation error to ensure all records are cleaned up

Part of a tenant offboarding workflow that iterates over all connected social accounts. Uses the output username to populate the offboarding audit report before deleting credentials.

GDPR erasure — credential revocation step

{
  "resource": "auth",
  "operation": "revoke-token",
  "accessToken": "{{ $db.users.where(userId=$input.userId).instagramAccessToken }}"
}
// On success: mark erasure step 'instagram_token_revoked' = true in erasure request record
// Subsequent node deletes all stored Instagram data (posts, comments, media metadata) for this user