diff --git a/src/clients.js b/src/clients.js
index ab84b8558..29901e363 100644
--- a/src/clients.js
+++ b/src/clients.js
@@ -12,6 +12,7 @@ exports = module.exports = {
 delClientTokensByUserId: delClientTokensByUserId,
 delByAppIdAndType: delByAppIdAndType,
 addClientTokenByUserId: addClientTokenByUserId,
+ delToken: delToken,
 // keep this in sync with start.sh ADMIN_SCOPES that generates the cid-webadmin
 SCOPE_APPS: 'apps',
@@ -65,6 +66,7 @@ function ClientsError(reason, errorOrMessage) {
 util.inherits(ClientsError, Error);
 ClientsError.INVALID_SCOPE = 'Invalid scope';
 ClientsError.INVALID_CLIENT = 'Invalid client';
+ClientsError.INVALID_TOKEN = 'Invalid token';
 ClientsError.INTERNAL_ERROR = 'Internal Error';
 function validateScope(scope) {
@@ -270,3 +272,20 @@ function addClientTokenByUserId(clientId, userId, callback) {
 });
 });
 }
+
+function delToken(clientId, tokenId, callback) {
+ assert.strictEqual(typeof clientId, 'string');
+ assert.strictEqual(typeof userId, 'string');
+ assert.strictEqual(typeof callback, 'function');
+
+ get(clientId, function (error, result) {
+ if (error) return callback(error);
+
+ tokendb.del(tokenId, function (error) {
+ if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INVALID_TOKEN));
+ if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+
+ callback(null);
+ });
+ });
+}
diff --git a/src/routes/clients.js b/src/routes/clients.js
index 7d2b335bb..bf9cb4cc9 100644
--- a/src/routes/clients.js
+++ b/src/routes/clients.js
@@ -7,7 +7,8 @@ exports = module.exports = {
 getAll: getAll,
 addClientToken: addClientToken,
 getClientTokens: getClientTokens,
- delClientTokens: delClientTokens
+ delClientTokens: delClientTokens,
+ delToken: delToken
 };
 var assert = require('assert'),
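Review bot: In the new `delToken` in src/clients.js, the second assertion checks `typeof userId`, but the function's parameters are `(clientId, tokenId, callback)`. Unless a `userId` binding exists elsewhere in the module (not visible here), that assert throws on every call and `tokenId` is never type-checked; it should read `assert.strictEqual(typeof tokenId, 'string');`. Separately, the `result` of `get(clientId, …)` is unused and `tokendb.del(tokenId, …)` is keyed on the token id alone, so the `clientId` in the request only has to name some existing client. A token issued to a different client can therefore be deleted through this call. Consider loading the token first and returning `ClientsError.INVALID_TOKEN` unless it belongs to `clientId` before deleting it.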
@@ -93,3 +94,17 @@ function delClientTokens(req, res, next) {
 next(new HttpSuccess(204));
 });
 }
+
+function delToken(req, res, next) {
+ assert.strictEqual(typeof req.params.clientId, 'string');
+ assert.strictEqual(typeof req.params.tokenId, 'string');
+ assert.strictEqual(typeof req.user, 'object');
+
+ clients.delToken(req.params.clientId, req.params.tokenId, function (error) {
+ if (error && error.reason === DatabaseError.NOT_FOUND) return next(new HttpError(404, 'no such client'));
+ if (error && error.reason === ClientsError.INVALID_TOKEN) return next(new HttpError(404, 'no such token'));
+ if (error) return next(new HttpError(500, error));
+
+ next(new HttpSuccess(204));
+ });
+}
diff --git a/src/server.js b/src/server.js
index 8ba36c97e..dd4b7b290 100644
--- a/src/server.js
+++ b/src/server.js
@@ -153,6 +153,7 @@ function initializeExpressSync() {
 router.get ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.getClientTokens);
 router.post('/api/v1/oauth/clients/:clientId/tokens', routes.developer.enabled, settingsScope, routes.clients.addClientToken);
 router.del ('/api/v1/oauth/clients/:clientId/tokens', settingsScope, routes.clients.delClientTokens);
+ router.del ('/api/v1/oauth/clients/:clientId/tokens/:tokenId', settingsScope, routes.clients.delToken);
 // app routes
 router.get ('/api/v1/apps', appsScope, routes.apps.getApps);
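Review bot: The new `delToken` handler in src/routes/clients.js asserts that `req.user` is an object but never passes it to `clients.delToken`, so the deletion is not tied to the caller. As written, any request that passes `settingsScope` can delete a token by id regardless of which user it was issued to; if that is not intended for this scope, pass the caller's identity from `req.user` down and have `clients.delToken` refuse tokens the caller does not own, answering with the same 404 used for `'no such token'`. The handler also depends on `DatabaseError` and `ClientsError` being required in this file, which the hunk does not show.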