Delete a Token Policy

Endpoint URL: /{customerId}/config/tokenPolicies/{tokenPolicyId}


Deletes the specified token policy. 

Note that you cannot delete a token policy that is currently assigned to an OIDC client, because every OIDC client must be assigned a token policy. If you want to remove a token policy that is assigned to an OIDC client, you must first modify the OIDC client and associate it with a different token policy. Only then can the token policy be removed. If you try to delete a token policy currently assigned to one or more OIDC clients, your API call will fail, and the API response will include the client IDs for all the OIDC clients currently associated with the policy. For example:

   "errors": "[\"/customers/01000000-0000-3000-9000-000000000000/clients/af4f70a3-0364-4505-94c4-8d26df86e161\",

Respects the API Client Allow List: No


This endpoint requires token-based authentication. To obtain an access token, you must use a configuration client (using the client ID as the username and the client secret as the password) to access the /{customerId}/login/token endpoint. The access token returned from the token endpoint is then used in the Authorization header of your API call. For example, if you get back the access token Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB then your Authorization header would look like this when using Curl:

-H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB'

In Postman, set the Authorization Type to Bearer and use the access token as the value of the Token field.

Path Parameters

The path parameters that must be included in the request are listed in the following table:

Parameter        Description

customerId       Unique identifier of the customer associated with the token policy.

tokenPolicyId    Unique identifier of the token policy to be deleted.

Sample Request (Curl)

The following command deletes the token policy with the policy ID 03ded1ac-ecdb-4bb6-9c40-6b638757e9fb:

curl -X DELETE \
  'https://{baseUrl}/{customerId}/config/tokenPolicies/03ded1ac-ecdb-4bb6-9c40-6b638757e9fb' \
  -H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB'


204 No Content

If your call to this endpoint succeeds, you will not get back a return value. Instead, you will get back the HTTP response code 204 No Content.

Response Codes

The following table includes information about some of the response codes that you might encounter when calling this endpoint.

Response Code    Description

400              Bad request. Typically triggered if you try to delete a token policy still associated with an OIDC client.
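
The following is an added example, not part of the original documentation: it issues the DELETE call and, on a 400 response, extracts the IDs of the OIDC clients that must be moved to another token policy first. It assumes the response body is a JSON object whose "errors" value is a string containing a JSON array of client paths, as the truncated sample above suggests; the function names, the base_url parameter and the second client ID in the sample are hypothetical.

```python
import json
import urllib.error
import urllib.request


def blocking_clients(body):
    """Return the client IDs named in the "errors" field of a failed delete.

    Assumed shape: {"errors": "[\"/customers/<id>/clients/<clientId>\", ...]"}
    (the array is itself JSON-encoded inside a string).
    """
    try:
        errors = json.loads(body).get("errors", "[]")
        paths = json.loads(errors) if isinstance(errors, str) else errors
    except (json.JSONDecodeError, AttributeError):
        return []
    if not isinstance(paths, list):
        return []
    ids = []
    for path in paths:
        parts = str(path).strip("/").split("/")
        # Accept only /customers/{customerId}/clients/{clientId}
        if len(parts) == 4 and parts[0] == "customers" and parts[2] == "clients":
            ids.append(parts[3])
    return ids


def delete_token_policy(base_url, customer_id, policy_id, access_token):
    """Return (True, []) on 204, or (False, client_ids) when the policy is in use."""
    url = f"{base_url}/{customer_id}/config/tokenPolicies/{policy_id}"
    req = urllib.request.Request(
        url, method="DELETE",
        headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status == 204, []
    except urllib.error.HTTPError as err:
        if err.code != 400:
            raise  # authentication and other failures are not handled here
        return False, blocking_clients(err.read().decode("utf-8", "replace"))


# Constructed sample body modelled on the fragment shown on this page.
SAMPLE_400 = json.dumps({"errors": json.dumps([
    "/customers/01000000-0000-3000-9000-000000000000/clients/af4f70a3-0364-4505-94c4-8d26df86e161",
    "/customers/01000000-0000-3000-9000-000000000000/clients/00000000-0000-0000-0000-000000000002",
])})

if __name__ == "__main__":
    print(blocking_clients(SAMPLE_400))
```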