Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Organizations

Revoke all Access tokens for a user

zero_trust.organizations.revoke_users(OrganizationRevokeUsersParams**kwargs) -> OrganizationRevokeUsersResponse
POST/{accounts_or_zones}/{account_or_zone_id}/access/organizations/revoke_user

Revokes a user's access across all applications.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Organizations, Identity Providers, and Groups Write
ParametersExpand Collapse
email: str

The email of the user to revoke.

account_id: Optional[str]

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: Optional[str]

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

devices: Optional[bool]

When set to true, all devices associated with the user will be revoked.

devices: Optional[bool]

When set to true, all devices associated with the user will be revoked.

user_uid: Optional[str]

The uuid of the user to revoke.

warp_session_reauth: Optional[bool]

When set to true, the user will be required to re-authenticate to WARP for all Gateway policies that enforce a WARP client session duration. When false, the user’s WARP session will remain active

ReturnsExpand Collapse
Literal[true, false]
One of the following:
true
false

Revoke all Access tokens for a user

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
response = client.zero_trust.organizations.revoke_users(
    email="test@example.com",
    account_id="account_id",
)
print(response)
{
  "result": true,
  "success": true
}
Returns Examples
{
  "result": true,
  "success": true
}