Invalidate User Access Tokens

Endpoint URL: {registrationDomain} /entity.deleteAccess

Description

Removes all existing access grants associated with the selected user. This endpoints removes all access tokens, all refresh tokens, and all refresh secrets that have been issued to the user. Removing the access grants forces the user to re-authenticate should they attempt to exercise any of those grants.

Note that this endpoint does not remove access grants that may be managed by other services, such as Single Sign-On.

This endpoint requires a client with the owner, direct_access, access_issuer, or login_client feature.

Respects the API Client Allow List: Yes

API Client Permissions

The following table indicates the API clients that can (and the API clients that can't) be used to call this endpoint:

owner	access_issuer	direct_access	direct_read_access	login_client
Yes	Yes	Yes	No	Yes

Authentication

This endpoint supports both Basic authentication (recommended) and janrain-signed authentication.

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Identity Cloud Capture domain; for example:

https://educationcenter.us-dev.janraincapture.com

Your Capture domains (also known as Registration domains) can be found in the Console on the Manage Application page:

Examples

This command deletes all the access grants that reference the user UUID 2efede78-fdf7-4e38-9785-4a82de768b9f.


curl -X POST \
  -H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg=" \
  --data-urlencode type_name=user \
  --data-urlencode uuid=2efede78-fdf7-4e38-9785-4a82de768b9f \
  https://my-app.janraincapture.com/entity.deleteAccess

Running this command in Postman

Example Response


{
  "stat": "ok"
}

Query Parameters

Parameter	Type	Required	Description
id	string	No	Entity ID. Required if you are not using the uuid or key_attributes parameters.
key_attribute	string	No	Name of a unique attribute used with schema. Required if you are not using the id or uuid parameters, and must be used in conjunction with the key_value parameter.
key_value	string	No	Value for the attribute specified by the key_attribute parameter. String values must be enclosed in quotes.
uuid	string	No	Unique identifier for the user record. Required if you are not using the id or key_attribute parameters.

How to Create an Authentication String

To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:

abcdefg:hijklmnop

Next, take the string and base64 encode it. For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("abcdefg:hijklmn"))

The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Before you actually try your authentication string, make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

Endpoint URL: {registrationDomain} /entity.deleteAccess

Description

Respects the API Client Allow List: Yes

API Client Permissions

Authentication

Base URL

Examples

Query Parameters

Running this Command in Postman

How to Create an Authentication String

Rate this Article