discord · dyc · Oct 3, 2025 · Oct 2, 2025 · Oct 2, 2025 · Oct 3, 2025
@@ -182,6 +182,28 @@ client->UpdateToken(discordpp::AuthorizationTokenType::Bearer, ACCESS_TOKEN_VALU
 
 Access tokens expire after 7 days, requiring refresh tokens to get a new one.
 
+### Server-to-Server Token Refresh
+
+If you're handling authentication on your server, send an API request to refresh the token.
+
+```python
+import requests
+
+API_ENDPOINT = 'https://discord.com/api/v10'
+CLIENT_ID = 'YOUR_CLIENT_ID'
+CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
+
+def refresh_token(refresh_token):
+    data = {
+        'grant_type': 'refresh_token',
+        'refresh_token': refresh_token
+    }
+    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
+    r = requests.post(f'{API_ENDPOINT}/oauth2/token', data=data, headers=headers, auth=(CLIENT_ID, CLIENT_SECRET))
+    r.raise_for_status()
+    return r.json()
+```
+
 ### Refreshing Access Tokens for Public Clients
 
 <PublicClient />
@@ -206,9 +228,19 @@ client->RefreshToken(
       });
 ```
 
-### Server-to-Server Token Refresh
+---
 
-If you're handling authentication on your server, send an API request to refresh the token.
+## Revoking Access Tokens
+
+If a user wants to disconnect their Discord account or if a token is compromised, you can revoke access and refresh tokens.
+
+:::warn
+When any valid access or refresh token is revoked, all of your application's access and refresh tokens for that user are immediately invalidated.
+:::
+
+### Server-to-Server Token Revocation
+
+If your application uses a backend server, you can revoke tokens by making an API request to Discord's token revocation endpoint.
 
 ```python
 import requests
@@ -217,27 +249,13 @@ API_ENDPOINT = 'https://discord.com/api/v10'
 CLIENT_ID = 'YOUR_CLIENT_ID'
 CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
 
-def refresh_token(refresh_token):
-    data = {
-        'grant_type': 'refresh_token',
-        'refresh_token': refresh_token
-    }
+def revoke_token(access_or_refresh_token):
+    data = {'token': access_or_refresh_token}
     headers = {'Content-Type': 'application/x-www-form-urlencoded'}
     r = requests.post(f'{API_ENDPOINT}/oauth2/token', data=data, headers=headers, auth=(CLIENT_ID, CLIENT_SECRET))
     r.raise_for_status()
-    return r.json()
 ```
 
----
-
-## Revoking Access Tokens
-
-If a user wants to disconnect their Discord account or if a token is compromised, you can revoke access and refresh tokens.
-
-:::warn
-When any valid access or refresh token is revoked, all of your application's access and refresh tokens for that user are immediately invalidated.
-:::
-
 ### Revoking Access Tokens for Public Clients
 
 <PublicClient />
@@ -263,24 +281,6 @@ client->RevokeToken(YOUR_DISCORD_APPLICATION_ID,
                     });
 ```
 
-### Server-to-Server Token Revocation
-
-If your application uses a backend server, you can revoke tokens by making an API request to Discord's token revocation endpoint.
-
-```python
-import requests
-
-API_ENDPOINT = 'https://discord.com/api/v10'
-CLIENT_ID = 'YOUR_CLIENT_ID'
-CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
-
-def revoke_token(access_or_refresh_token):
-    data = {'token': access_or_refresh_token}
-    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
-    r = requests.post(f'{API_ENDPOINT}/oauth2/token', data=data, headers=headers, auth=(CLIENT_ID, CLIENT_SECRET))
-    r.raise_for_status()
-```
-
 ### Handling User Initiated Revocation
 
 Users can unlink their account by removing access to your application on their Discord `User Settings -> Authorized Apps` page.