diff --git a/lib/routes/destroy.js b/lib/routes/destroy.js
index 1f553d0be..e9baec962 100644
--- a/lib/routes/destroy.js
+++ b/lib/routes/destroy.js
@@ -17,7 +17,7 @@ module.exports = {
         .length(config.get('unique.token') * 2) // hex = bytes*2
         .regex(validators.HEX_STRING)
         .required(),
-      client_secret: Joi.string()
+      client_secret: Joi.string().allow('')
     }
   },
   handler: function destroyToken(req, reply) {
diff --git a/test/api.js b/test/api.js
index 8adee1602..f8922a894 100644
--- a/test/api.js
+++ b/test/api.js
@@ -1455,5 +1455,18 @@ describe('/v1', function() {
         assert.equal(res.statusCode, 200);
       });
     });
+    it('should accept empty client_secret', function() {
+      return newToken().then(function(res) {
+        return Server.api.post({
+          url: '/destroy',
+          payload: {
+            token: res.result.access_token,
+            client_secret: ''
+          }
+        });
+      }).then(function(res) {
+        assert.equal(res.statusCode, 200);
+      });
+    });
   });
 });