Revoke Access to Salesforce Healthcare API

After a connected app receives an access or refresh token from an OAuth 2.0 authorization flow, it can use the token to access data. You can revoke the connected app’s access token, or the refresh token and all related access tokens by making a POST request on the following deregistration URL:

Example of a deregistration request:

If an access token is included, Salesforce invalidates it and revokes the token. If a refresh token is included, Salesforce revokes it and any associated access tokens.