
Revoke all Access tokens for a user

client.zeroTrust.organizations.revokeUsers(params: OrganizationRevokeUsersParams { email, account_id, zone_id, 3 more }, options?: RequestOptions): OrganizationRevokeUsersResponse
POST /{accounts_or_zones}/{account_or_zone_id}/access/organizations/revoke_user

Revokes a user's access across all applications.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Organizations, Identity Providers, and Groups Write
Parameters
params: OrganizationRevokeUsersParams { email, account_id, zone_id, 3 more }
email: string

Body param: The email of the user to revoke.

account_id?: string

Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: string

Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

body_devices?: boolean

Body param: When set to true, all devices associated with the user will be revoked.

user_uid?: string

Body param: The UUID of the user to revoke.

warp_session_reauth?: boolean

Body param: When set to true, the user will be required to re-authenticate to WARP for all Gateway policies that enforce a WARP client session duration. When false, the user's WARP session will remain active.

Returns
OrganizationRevokeUsersResponse = true | false
One of the following:
true
false

Revoke all Access tokens for a user

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.zeroTrust.organizations.revokeUsers({
  email: 'test@example.com',
  account_id: 'account_id',
});

console.log(response);
Returns Examples
{
  "result": true,
  "success": true
}
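For offboarding or account-compromise response, the parameters above can be wrapped so that the account/zone exclusivity and the boolean result are both checked. This is an added example, not code from Cloudflare or the SDK: the field names come from this page, while `RevokeClient`, `RevokeTarget`, `buildRevokeParams` and `revokeUserEverywhere` are hypothetical names, and the client is passed in rather than constructed.

```typescript
// Added example (not Cloudflare's code). Field names in RevokeParams come from
// this page; RevokeClient, RevokeTarget and both functions are hypothetical.
interface RevokeParams {
  email: string;
  account_id?: string;
  zone_id?: string;
  body_devices?: boolean;
  user_uid?: string;
  warp_session_reauth?: boolean;
}

// Assumed structural shape of the documented method, so the real client or a
// stub can be passed in.
interface RevokeClient {
  zeroTrust: { organizations: { revokeUsers(params: RevokeParams): Promise<boolean> } };
}

interface RevokeTarget { email: string; userUid?: string; accountId?: string; zoneId?: string }

function buildRevokeParams(t: RevokeTarget): RevokeParams {
  const email = t.email.trim();
  if (!email.includes('@')) throw new Error('a user email is required');
  // account_id and zone_id are mutually exclusive path params: require exactly one.
  if (Boolean(t.accountId) === Boolean(t.zoneId)) {
    throw new Error('set exactly one of accountId or zoneId');
  }
  // Containment defaults: also revoke the user's devices and force WARP re-auth.
  const params: RevokeParams = { email, body_devices: true, warp_session_reauth: true };
  if (t.accountId) params.account_id = t.accountId;
  else if (t.zoneId) params.zone_id = t.zoneId;
  if (t.userUid) params.user_uid = t.userUid;
  return params;
}

async function revokeUserEverywhere(client: RevokeClient, t: RevokeTarget): Promise<RevokeParams> {
  const params = buildRevokeParams(t);
  const revoked = await client.zeroTrust.organizations.revokeUsers(params);
  // The response is true | false: anything but true means revocation is unconfirmed.
  if (revoked !== true) throw new Error(`revocation not confirmed for ${params.email}`);
  return params; // returned so the caller can log exactly what was requested
}
```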