Invalidate User Access Tokens

Endpoint URL: {registrationDomain} /entity.deleteAccess


Removes all existing access grants associated with the selected user. This endpoints removes all access tokens, all refresh tokens, and all refresh secrets that have been issued to the user. Removing the access grants forces the user to re-authenticate should they attempt to exercise any of those grants. 

Note that this endpoint does not remove access grants that may be managed by other services, such as Single Sign-On.

This endpoint requires a client with the owner, direct_access, access_issuer, or login_client feature.

Respects the API Client Allow List: Yes

API Client Permissions

The following table indicates the API clients that can (and the API clients that can't) be used to call this endpoint:



This endpoint supports both Basic authentication (recommended) and janrain-signed authentication.

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Identity Cloud Capture domain; for example:

Your Capture domains (also known as Registration domains) can be found in the Console on the Manage Application page:


This command deletes all the access grants that reference the user UUID 2efede78-fdf7-4e38-9785-4a82de768b9f.

curl -X POST \
  -H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg=" \
  --data-urlencode type_name=user \
  --data-urlencode uuid=2efede78-fdf7-4e38-9785-4a82de768b9f \

      Running this command in Postman

Example Response

  "stat": "ok"

Query Parameters

idstringNoEntity ID. Required if you are not using the uuid or key_attributes parameters.
key_attributestringNoName of a unique attribute used with schema. Required if you are not using the id or uuid parameters, and must be used in conjunction with the key_value parameter.
key_valuestringNoValue for the attribute specified by the key_attribute parameter. String values must be enclosed in quotes.
uuidstringNoUnique identifier for the user record. Required if you are not using the id or key_attribute parameters.