Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Organizations

Revoke all Access tokens for a user

client.ZeroTrust.Organizations.RevokeUsers(ctx, params) (*OrganizationRevokeUsersResponse, error)
POST/{accounts_or_zones}/{account_or_zone_id}/access/organizations/revoke_user

Revokes a user's access across all applications.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Organizations, Identity Providers, and Groups Write
ParametersExpand Collapse
params OrganizationRevokeUsersParams
Email param.Field[string]

Body param: The email of the user to revoke.

AccountID param.Field[string]optional

Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

ZoneID param.Field[string]optional

Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

QueryDevices param.Field[bool]optional

Query param: When set to true, all devices associated with the user will be revoked.

QueryDevices param.Field[bool]optional

Query param: When set to true, all devices associated with the user will be revoked.

UserUID param.Field[string]optional

Body param: The uuid of the user to revoke.

WARPSessionReauth param.Field[bool]optional

Body param: When set to true, the user will be required to re-authenticate to WARP for all Gateway policies that enforce a WARP client session duration. When false, the user’s WARP session will remain active

ReturnsExpand Collapse
type OrganizationRevokeUsersResponse bool
One of the following:
const OrganizationRevokeUsersResponseTrue OrganizationRevokeUsersResponse = true
const OrganizationRevokeUsersResponseFalse OrganizationRevokeUsersResponse = false

Revoke all Access tokens for a user

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/zero_trust"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  response, err := client.ZeroTrust.Organizations.RevokeUsers(context.TODO(), zero_trust.OrganizationRevokeUsersParams{
    Email: cloudflare.F("test@example.com"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", response)
}

{
  "result": true,
  "success": true
}
Returns Examples
{
  "result": true,
  "success": true
}