Deactivate User Grant

Deactivate the user grant. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested. An error will be returned if the user grant is already deactivated.

Path Parameters

• userId string required
• grantId string required

Header Parameters

• x-zitadel-orgid string

  The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

application/json

Request Body required

• object

application/grpc

Request Body required

• object

application/grpc-web+proto

Request Body required

• object

Responses

• 200
• default

---

A successful response.

application/json

• Schema
• Example (from schema)

---

Schema

• details object

  sequence uint64

  on read: the sequence of the last event reduced by the projection

  on manipulation: the timestamp of the event(s) added by the manipulation

  creationDate date-time

  on read: the timestamp of the first event of the object

  on create: the timestamp of the event(s) added by the manipulation

  changeDate date-time

  on read: the timestamp of the last event reduced by the projection

  on manipulation: the

  resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-11",
    "changeDate": "2023-05-11",
    "resourceOwner": "69629023906488334"
  }
}

application/grpc

• Schema
• Example (from schema)

---

Schema

• details object

  sequence uint64

  on read: the sequence of the last event reduced by the projection

  on manipulation: the timestamp of the event(s) added by the manipulation

  creationDate date-time

  on read: the timestamp of the first event of the object

  on create: the timestamp of the event(s) added by the manipulation

  changeDate date-time

  on read: the timestamp of the last event reduced by the projection

  on manipulation: the

  resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-11",
    "changeDate": "2023-05-11",
    "resourceOwner": "69629023906488334"
  }
}

application/grpc-web+proto

• Schema
• Example (from schema)

---

Schema

• details object

  sequence uint64

  on read: the sequence of the last event reduced by the projection

  on manipulation: the timestamp of the event(s) added by the manipulation

  creationDate date-time

  on read: the timestamp of the first event of the object

  on create: the timestamp of the event(s) added by the manipulation

  changeDate date-time

  on read: the timestamp of the last event reduced by the projection

  on manipulation: the

  resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-11",
    "changeDate": "2023-05-11",
    "resourceOwner": "69629023906488334"
  }
}

An unexpected error response.

application/json

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /users/:userId/grants/:grantId/_deactivate

Authorization

type: oauth2flow: authorizationCodescopes: openid,urn:zitadel:iam:org:project:id:zitadel:aud

Request

Base URL

https://$ZITADEL_DOMAIN/management/v1

Bearer Token

userId — path required

grantId — path required

x-zitadel-orgid — header

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

Body required

{}

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId/_deactivate' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId/_deactivate' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId/_deactivate' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId/_deactivate' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId/_deactivate' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId/_deactivate' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId/_deactivate' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{}'