Stolen access tokens keep working until natural TTL expires.
Token Blocklist
When you press the revoke button, the stolen credential stops working in milliseconds — not in thirty minutes.
Govern
Every issued token has a natural lifetime. That lifetime is also the worst-case revocation latency if the platform does nothing. BoltPipeline closes that gap with a fast-path blocklist checked on every authenticated request — before any database round-trip.
What it solves
Common problems this capability removes from your engineering workflow.
Password changes don't invalidate other live sessions.
Revoking a compromised agent cert takes up to a day to enforce.
Suspending a tenant doesn't stop active users in real time.
How it works
The flow this capability runs end-to-end inside the platform.
- 1Four revocation grains — per token, per account, per tenant, per cert.
- 2Every authenticated request is checked before any business logic runs.
- 3Writes propagate in milliseconds; reads are sub-millisecond.
- 4Defense-in-depth re-checks happen on the database side too.
Related capabilities
Other capabilities in the BoltPipeline platform that work alongside this one.
5Security &
Authentication
Sign up, verify, log in, MFA, invite, reset — one identity engine handles staff and tenant users alike.
5Security &License Management
Every tenant has one active license; suspension, revocation, and expiry kill credentials in under a second.
6Agent &Agent Protocol
The agent in your network speaks three mTLS channels to the platform — and never holds policy or makes decisions.
See it on your data.
Try BoltPipeline against your live database — your data never leaves your environment.