Hello, how do I delete the webhook and revoke access after a third-party bot uninstalls? As shown in the figure, how do I delete the access record using the API? I did not find the API.
Hi @lemon.wu,
If I understand correctly, you are looking for a means to remove/revoke these OAuth tokens via the REST API. There is no REST API endpoint that can do this today. I found a related question from a year ago where Stephen explains a bit more about why this would be a problem: https://community.atlassian.com/t5/Confluence-questions/Revoke-access-token-app-via-API/qaq-p/1128713
Digging deeper into the OAuth 2.0 (3LO) for apps documentation there is a note about this in:
With site-scoped grants, an access token can have access to multiple sites. This means that an app can't delete an access token to revoke access. For example, an access token could grant access to site A, then delete it to remove access. However, if the user grants the app access to site C later, the app will be issued with an access token with access to sites A and B. The only way access can be removed is for the user to revoke access via the Connect apps tab in their account settings at https://{subdomain}.atlassian.net/people/{account_id}/settings/apps.
Which means, I don't know of any other way short of manually revoking each of those. Was this an app that you were developing? You mentioned the term 'bot', so I'm somewhat concerned that perhaps you feel the site was compromised in some way. I would be interested to investigate this further if possible. The site you selected when creating this question wasn't in existence in February when it appears these apps were connected. So perhaps this is happening on a different site here? I can't tell since the URL in the screenshot has been obscured, but I would be interested to better understand the source problem so that we can try to provide help here if necessary.
Please let me know.
Andy