Invalidate a user session

Invalidate user access grants
Open Recipe

Removes all the current access grants associated with the specified user. This operation removes all access tokens, refresh tokens, and refresh secrets issued to the user. Removing the access grants forces the user to re-authenticate should they attempt to exercise any of those grants.

Note that this endpoint doesn't remove access grants managed by other services, such as Single Sign-On or Hosted Login.

API client permissions

The following table indicates the API clients that can or can't be used to call this operation:



This operation supports both Basic authentication (recommended) and janrain-signed authentication. See Get started for more information.

Base URL

The base URL for this operation is your Identity Cloud Capture domain; for example:

Your Capture domain (also known as a Registration domain) can be found in Console on the Manage Application page.

Examples: Delete access grants

This command deletes all the access grants that reference the user with the uuid 2efede78-fdf7-4e38-9785-4a82de768b9f.

curl -X POST \
  -H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg=" \
  --data-urlencode type_name=user \
  --data-urlencode uuid=2efede78-fdf7-4e38-9785-4a82de768b9f \

Example response

If your API call succeeds the response consists of the status ok:

  "stat": "ok"

Query parameters

All parameters need to be configured as x-www-form-urlencoded body parameters.

idstringUnique identifier of the user account. Required if you aren't using the uuid or key_attribute parameters.
key_attributestringName of a unique attribute in the schema that can be used to identify the user account. Required if you aren't using the id or uuid parameters.
key_valuestringValue for the attribute specified by the key_attribute parameter. For example, if key_attribute is set to email then key_value needs to be set to the email address of the user's whose session you're invalidating.

Note that string values must be enclosed in quotes.
uuidstringUnique identifier of the user account. Required if you aren't using the id or key_attribute parameters.