Revoking an IAM token

Written by

Updated at May 5, 2025

You can revoke an IAM token you got earlier. You may need to do this, for example, if the token is compromised or if you are getting a new one.

To revoke an IAM token:

CLI

API

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

Check out the description of the IAM token revocation command:
```
yc iam revoke-token --help
```

Revoke the IAM token by specifying it in this command:

yc iam revoke-token \
  --iam-token "<IAM_token>"

Result:

subject_id: ajei280a73vc********

Run an http request specifying the IAM token to revoke:

curl \
  --request POST \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer <IAM_token>" \
  --data '{
      "iamToken": "<IAM_token>"
  }' \
  https://iam.api.cloud.yandex.net/iam/v1/tokens:revoke

Result:

{
  "subjectId": "ajei280a73vc********"
}

Revoking an IAM token

See also

Was the article helpful?

Revoking an IAM token

See alsoSee also

Was the article helpful?

See also