# Revoke a user grant

**DELETE /api/users/{userId}/grants/{grantId}**

Revoke a specific grant and its associated token chain by grant ID. Also removes the matching session authorization entry for this grant from the related active session. The grant must belong to the user.


## Servers
- Logto endpoint address.: https://[tenant_id].logto.app (Logto endpoint address.)


## Authentication methods
- O auth2


## Parameters

### Path parameters
- **userId** (string)
  The unique identifier of the user.
- **grantId** (string)
  The unique identifier of the grant.



## Responses
### 204
Grant revoked successfully. If the grant already expired, this endpoint returns success without token-chain changes.

### 400
Bad Request

### 401
Unauthorized

### 403
Forbidden

### 404
Grant not found. This can occur if the grant ID is invalid, or the grant does not belong to the user.

### 500
Internal Server Error


[Powered by Bump.sh](https://bump.sh)