Revoke Access
Overview
Revokes access from a credential for one or more API Proxies or API Proxy Groups. The credential will no longer be able to access the specified resources. Access revocation is automatically deployed to all environments.
Endpoint
DELETE /apiops/projects/{projectName}/credentials/{username}/access/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| username | string | Yes | Username of the credential |
Request Body
Same structure as Grant Access. Object containing an array of access objects.
Full JSON Body Example - Revoke Access from Single API Proxy
{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
}
]
}
Full JSON Body Example - Revoke Access from Multiple Resources
{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
},
{
"name": "PaymentAPI",
"type": "API_PROXY"
},
{
"name": "MyAPIGroup",
"type": "API_PROXY_GROUP"
}
]
}
Request Body Fields
Same as Grant Access. See Grant Access for field descriptions.
Notes
- Request body must be an object with
credentialAccessListarray - Each access object must have
nameandtype namemust match an existing API Proxy or API Proxy Grouptypemust be eitherAPI_PROXYorAPI_PROXY_GROUP- Access must exist to be revoked
- Revocation is automatically deployed to all environments
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"message": "Undeployment completed successfully",
"environmentResults": [
{
"environmentName": "production",
"success": true,
"message": "Undeployed successfully"
},
{
"environmentName": "staging",
"success": true,
"message": "Undeployed successfully"
}
]
}
}
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "Credential access object name can not be empty!"
}
or
{
"error": "bad_request",
"error_description": "API Proxy (name:MyAPI) is not found or user does not have privilege to access it!"
}
Common Causes
- Empty access object
- Missing
nameortypefield - API Proxy or API Proxy Group does not exist
- Access does not exist (already revoked)
cURL Example
Example 1: Revoke Access from Single API Proxy
curl -X DELETE \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
}
]
}'
Example 2: Revoke Access from Multiple Resources
curl -X DELETE \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/api-user/access/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"credentialAccessList": [
{
"name": "MyAPI",
"type": "API_PROXY"
},
{
"name": "MyAPIGroup",
"type": "API_PROXY_GROUP"
}
]
}'
Notes and Warnings
- Request Body Format:
- Request body must be an object with
credentialAccessListarray - Even for single revocation, use object format with array inside
- Request body must be an object with
- Access Must Exist:
- Access must exist to be revoked
- Revoking non-existent access will fail silently
- Automatic Undeployment:
- Access revocation is automatically undeployed from all environments
- Undeployment results are returned in the response
- API Proxy Group:
- Revoking access from API Proxy Group revokes access to all APIs in the group
- Individual API accesses are not affected if group access is revoked
- Permissions:
- Requires
ROLE_MANAGE_PROXIESpermission - Requires
ROLE_DEPLOY_UNDEPLOY_PROXIESpermission for undeployment - User must have access to the project and resources
- Requires
Related Documentation
- Get Granted Access List - Get list of granted accesses
- Grant Access - Grant access to API Proxy or Group
- Delete Credential - Delete a credential