DELETE /api/users/{userId}/grants/{grantId}

Revoke a specific grant and its associated token chain by grant ID. Also removes the matching session authorization entry for this grant from the related active session. The grant must belong to the user.

Path parameters

  • userId string Required

    The unique identifier of the user.

  • grantId string Required

    The unique identifier of the grant.

Responses

  • 204

    Grant revoked successfully. If the grant has already expired, this endpoint returns success without token-chain changes.

  • 400

    Bad Request

  • 401

    Unauthorized

  • 403

    Forbidden

  • 404

    Grant not found. This can occur if the grant ID is invalid, or the grant does not belong to the user.

  • 500

    Internal Server Error

DELETE /api/users/{userId}/grants/{grantId}
curl \
 --request DELETE 'https://[tenant_id].logto.app/api/users/{userId}/grants/{grantId}' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
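
An added example, not part of the Logto reference: a POSIX shell wrapper around the request above that refuses IDs containing characters outside an assumed allowlist before they are placed in the URL path, and maps the documented status codes to distinct exit codes for use in automation. The names revoke_grant, valid_id and LOGTO_ENDPOINT, the ID allowlist and the exit-code values are assumptions of this example; ACCESS_TOKEN is used as in the curl command above.

```shell
# Added example (not Logto's own code).
# Assumed to be set by the caller: LOGTO_ENDPOINT (e.g. the tenant base URL)
# and ACCESS_TOKEN (a Management API access token).

# Accept only IDs made of [A-Za-z0-9_-]. This allowlist is an assumption;
# it keeps "/", "..", "?" and "#" out of the request path so a crafted ID
# cannot redirect the DELETE to a different resource.
valid_id() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# revoke_grant USER_ID GRANT_ID
# Exit codes (chosen for this example):
#   0 revoked, 2 invalid ID, 3 transport error,
#   4 grant not found or not owned by the user,
#   5 token rejected (401/403), 6 any other status.
revoke_grant() {
  user_id=$1 grant_id=$2
  valid_id "$user_id" && valid_id "$grant_id" || {
    echo "refusing to send: ID contains unexpected characters" >&2
    return 2
  }
  # Discard the body and capture only the HTTP status code.
  status=$(curl --silent --output /dev/null --write-out '%{http_code}' \
    --request DELETE \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    "$LOGTO_ENDPOINT/api/users/$user_id/grants/$grant_id") || {
    echo "transport error talking to $LOGTO_ENDPOINT" >&2
    return 3
  }
  case "$status" in
    # 204 is also returned for an already expired grant, in which case
    # no token-chain changes were made.
    204) echo "grant $grant_id revoked (or already expired)"; return 0 ;;
    # 404 covers both an invalid grant ID and a grant owned by another user.
    404) echo "grant $grant_id not found for user $user_id" >&2; return 4 ;;
    401|403) echo "access token rejected (HTTP $status)" >&2; return 5 ;;
    *) echo "unexpected HTTP status $status" >&2; return 6 ;;
  esac
}
```
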