Revoke Access
Endpoint
DELETE /apiops/projects/{projectName}/credentials/{username}/access/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| username | string | Yes | Username of the credential |
Request Body
Same structure as Grant Access. Object containing an array of access objects.
Full JSON Body Example - Revoke Access from Single API Proxy
{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
}
]
}
Full JSON Body Example - Revoke Access from Multiple Resources
{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
},
{
"name": "PaymentAPI",
"type": "API_PROXY"
},
{
"name": "MyAPIGroup",
"type": "API_PROXY_GROUP"
}
]
}
Request Body Fields
Same as Grant Access. See Grant Access for field descriptions.
Notes
- Request body must be an object with
credentialAccessListarray - Each access object must have
nameandtype namemust match an existing API Proxy or API Proxy Grouptypemust be eitherAPI_PROXYorAPI_PROXY_GROUP- Access must exist to be revoked
- Revocation is automatically deployed to all environments
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"message": "Undeployment completed successfully",
"environmentResults": [
{
"environmentName": "production",
"success": true,
"message": "Undeployed successfully"
},
{
"environmentName": "staging",
"success": true,
"message": "Undeployed successfully"
}
]
}
}
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "Credential access object name can not be empty!"
}
or
{
"error": "bad_request",
"error_description": "API Proxy (name:MyAPI) is not found or user does not have privilege to access it!"
}
Common Causes
- Empty access object
- Missing
nameortypefield - API Proxy or API Proxy Group does not exist
- Access does not exist (already revoked)
Error Response (401 Unauthorized)
{
"error": "unauthorized_client",
"error_description": "Invalid token"
}
Error Response (404 Not Found)
{
"error": "not_found",
"error_description": "Project(MyProject) was not found or user does not have privilege to access it!"
}
cURL Example
Example 1: Revoke Access from Single API Proxy
curl -X DELETE \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
}
]
}'
Example 2: Revoke Access from Multiple Resources
curl -X DELETE \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
},
{
"name": "MyAPIGroup",
"type": "API_PROXY_GROUP"
}
]
}'
Notes and Warnings
-
Request Body Format:
- Request body must be an object with
credentialAccessListarray - Even for single revocation, use object format with array inside
- Request body must be an object with
-
Access Must Exist:
- Access must exist to be revoked
- Revoking non-existent access will fail silently
-
Automatic Undeployment:
- Access revocation is automatically undeployed from all environments
- Undeployment results are returned in the response
-
API Proxy Group:
- Revoking access from API Proxy Group revokes access to all APIs in the group
- Individual API accesses are not affected if group access is revoked
Permissions
- User must have
IDENTITY+MANAGEpermission in the project - For automatic undeployment, user must also have
IDENTITY+DEPLOY_UNDEPLOYpermission
Related Documentation
- Get Granted Access List - Get list of granted accesses
- Grant Access - Grant access to API Proxy or Group
- Delete Credential - Delete a credential