Invalidate User Access Tokens

Endpoint URL: {registrationDomain} /entity.deleteAccess



Description

Removes all existing access grants associated with the selected user. This endpoints removes all access tokens, all refresh tokens, and all refresh secrets that have been issued to the user. Removing the access grants forces the user to re-authenticate should they attempt to exercise any of those grants. 

Note that this endpoint does not remove access grants that may be managed by other services, such as Single Sign-On.

This endpoint requires a client with the owner, direct_access, access_issuer, or login_client feature.


Respects the API Client Allow List: Yes


API Client Permissions

The following table indicates the API clients that can (and the API clients that can't) be used to call this endpoint:

owner
access_issuer
direct_access
direct_read_access
login_client
Yes
Yes
Yes
No
Yes


Authentication

This endpoint supports both Basic authentication (recommended) and janrain-signed authentication.

How to Create an Authentication String


Base URL

The base URL for this endpoint is your Identity Cloud Capture domain; for example:

https://educationcenter.us-dev.janraincapture.com

Your Capture domains (also known as Registration domains) can be found in the Console on the Manage Application page:

Examples

This command deletes all the access grants that reference the user UUID 2efede78-fdf7-4e38-9785-4a82de768b9f.


curl -X POST \
  -H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg=" \
  --data-urlencode type_name=user \
  --data-urlencode uuid=2efede78-fdf7-4e38-9785-4a82de768b9f \
  https://my-app.janraincapture.com/entity.deleteAccess
          

      Running this command in Postman

Example Response


{
  "stat": "ok"
}        
                                                    


Query Parameters

ParameterTypeRequiredDescription
idstringNoEntity ID. Required if you are not using the uuid or key_attributes parameters.
 
key_attributestringNoName of a unique attribute used with schema. Required if you are not using the id or uuid parameters, and must be used in conjunction with the key_value parameter.
 
key_valuestringNoValue for the attribute specified by the key_attribute parameter. String values must be enclosed in quotes.
 
uuidstringNoUnique identifier for the user record. Required if you are not using the id or key_attribute parameters.