Revoke Access - Apinizer Dokümantasyonu

Endpoint

DELETE /apiops/projects/{projectName}/credentials/{username}/access/

Authentication

Requires a Personal API Access Token.

Authorization: Bearer YOUR_TOKEN

Request

Headers

Header	Value	Required
Authorization	Bearer	Yes
Content-Type	application/json	Yes

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
username	string	Yes	Username of the credential

Request Body

Same structure as Grant Access. Object containing an array of access objects.

Full JSON Body Example - Revoke Access from Single API Proxy

{
  "credentialAccessList": [
    {
      "name": "MyAPI",
      "type": "API_PROXY"
    }
  ]
}

Full JSON Body Example - Revoke Access from Multiple Resources

{
  "credentialAccessList": [
    {
      "name": "MyAPI",
      "type": "API_PROXY"
    },
    {
      "name": "PaymentAPI",
      "type": "API_PROXY"
    },
    {
      "name": "MyAPIGroup",
      "type": "API_PROXY_GROUP"
    }
  ]
}

Request Body Fields

Same as Grant Access. See Grant Access for field descriptions.

Notes

Request body must be an object with credentialAccessList array
Each access object must have name and type
name must match an existing API Proxy or API Proxy Group
type must be either API_PROXY or API_PROXY_GROUP
Access must exist to be revoked
Revocation is automatically deployed to all environments

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "message": "Undeployment completed successfully",
    "environmentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Undeployed successfully"
      },
      {
        "environmentName": "staging",
        "success": true,
        "message": "Undeployed successfully"
      }
    ]
  }
}

Error Response (400 Bad Request)

{
  "error": "bad_request",
  "error_description": "Credential access object name can not be empty!"
}

{
  "error": "bad_request",
  "error_description": "API Proxy (name:MyAPI) is not found or user does not have privilege to access it!"
}

Common Causes

Empty access object
Missing name or type field
API Proxy or API Proxy Group does not exist
Access does not exist (already revoked)

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Invalid token"
}

Error Response (404 Not Found)

{
  "error": "not_found",
  "error_description": "Project(MyProject) was not found or user does not have privilege to access it!"
}

cURL Example

Example 1: Revoke Access from Single API Proxy

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "credentialAccessList": [
      {
        "name": "MyAPI",
        "type": "API_PROXY"
      }
    ]
  }'

Example 2: Revoke Access from Multiple Resources

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "credentialAccessList": [
      {
        "name": "MyAPI",
        "type": "API_PROXY"
      },
      {
        "name": "MyAPIGroup",
        "type": "API_PROXY_GROUP"
      }
    ]
  }'

Notes and Warnings

Request Body Format:
- Request body must be an object with credentialAccessList array
- Even for single revocation, use object format with array inside
Access Must Exist:
- Access must exist to be revoked
- Revoking non-existent access will fail silently
Automatic Undeployment:
- Access revocation is automatically undeployed from all environments
- Undeployment results are returned in the response
API Proxy Group:
- Revoking access from API Proxy Group revokes access to all APIs in the group
- Individual API accesses are not affected if group access is revoked

Permissions

User must have IDENTITY + MANAGE permission in the project
For automatic undeployment, user must also have IDENTITY + DEPLOY_UNDEPLOY permission

Get Granted Access List - Get list of granted accesses
Grant Access - Grant access to API Proxy or Group
Delete Credential - Delete a credential

Home

​Endpoint

​Authentication

​Header

​Request

​Headers

​Path Parameters

​Request Body

​Full JSON Body Example - Revoke Access from Single API Proxy

​Full JSON Body Example - Revoke Access from Multiple Resources

​Request Body Fields

​Notes

​Response

​Success Response (200 OK)

​Error Response (400 Bad Request)

​Common Causes

​Error Response (401 Unauthorized)

​Error Response (404 Not Found)

​cURL Example

​Example 1: Revoke Access from Single API Proxy

​Example 2: Revoke Access from Multiple Resources

​Notes and Warnings

​Permissions

​Related Documentation

Endpoint

Authentication

Header

Request

Headers

Path Parameters

Request Body

Full JSON Body Example - Revoke Access from Single API Proxy

Full JSON Body Example - Revoke Access from Multiple Resources

Request Body Fields

Notes

Response

Success Response (200 OK)

Error Response (400 Bad Request)

Common Causes

Error Response (401 Unauthorized)

Error Response (404 Not Found)

cURL Example

Example 1: Revoke Access from Single API Proxy

Example 2: Revoke Access from Multiple Resources

Notes and Warnings

Permissions

Related Documentation