Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Organizations

Revoke all Access tokens for a user

POST/{accounts_or_zones}/{account_or_zone_id}/access/organizations/revoke_user

Revokes a user's access across all applications.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Organizations, Identity Providers, and Groups Write
Path ParametersExpand Collapse
account_id: optional string

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: optional string

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Query ParametersExpand Collapse
devices: optional boolean

When set to true, all devices associated with the user will be revoked.

Body ParametersJSONExpand Collapse
email: string

The email of the user to revoke.

devices: optional boolean

When set to true, all devices associated with the user will be revoked.

user_uid: optional string

The uuid of the user to revoke.

warp_session_reauth: optional boolean

When set to true, the user will be required to re-authenticate to WARP for all Gateway policies that enforce a WARP client session duration. When false, the user’s WARP session will remain active

ReturnsExpand Collapse
result: optional true or false
One of the following:
true
false
success: optional true or false
One of the following:
true
false

Revoke all Access tokens for a user

curl https://api.cloudflare.com/client/v4/$ACCOUNTS_OR_ZONES/$ACCOUNT_OR_ZONE_ID/access/organizations/revoke_user \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "email": "test@example.com",
          "devices": true,
          "user_uid": "699d98642c564d2e855e9661899b7252",
          "warp_session_reauth": true
        }'
{
  "result": true,
  "success": true
}
Returns Examples
{
  "result": true,
  "success": true
}