Revoke Access
Endpoint: DELETE /api/auth/authorization
Removes access from a user, group, or role over a specific resource.
Request body
| Parameter | Description | Type | Required/ Optional |
|---|---|---|---|
| subject.type | The type of subject whose access is being revoked. Supported values:
| string | Required. |
| subject.id | The identifier of the subject.
| string | Required. |
| target.type | The resource type from which access is being revoked. Supported values:
| string | Required. |
| target.id | The unique identifier of the resource (e.g., the workflow name) to revoke access from. | string | Required. |
| access | The set of access types to revoke. Supported values:
| array of strings | Required. |
Response
Returns a confirmation message.
Examples
Revoke a user’s READ and EXECUTE access to a workflow definition
Request
curl -X 'DELETE' \
'https://<YOUR-SERVER-URL>/api/auth/authorization' \
-H 'accept: application/json' \
-H 'X-Authorization: <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"subject": {
"type": "user",
"id": "jane.doe@acme.com"
},
"target": {
"type": "WORKFLOW_DEF",
"id": "rate_limit_test"
},
"access": ["READ", "EXECUTE"]
}
'
Response
This revokes the user’s READ and EXECUTE access over the workflow named rate_limit_test.
{
"message": "Removed permission"
}