Skip to main content
POST
/
api
/
v1
/
access_revocations
Create an access revocation
curl --request POST \
  --url https://api.accessowl.com/api/v1/access_revocations \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "access_state_id": "7488a646-e31f-11e4-aace-600308960663",
  "reason": "Role no longer requires this access"
}
'
{
  "application_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "reason": "<string>",
  "grantee_user_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "inserted_at": "2023-11-07T05:31:56Z",
  "permission_ids": [
    "3c90c3cc-0d44-4b50-8888-8dd25736052a"
  ],
  "requestor_user_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "resource_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}

Authorizations

Authorization
string
header
required

Bearer token authentication. Pass your AccessOwl API token in the Authorization header as Bearer <token>.

Headers

Idempotency-Key
string

Optional key (1–255 chars) for safely retrying a request. Reusing the same key for the same request returns 409 Conflict and is not processed again — this confirms the request was already received. Keys are retained for 14 days.

Required string length: 1 - 255

Body

application/json

Access revocation parameters

Request body for creating an access revocation from an access state

access_state_id
string<uuid>
required

Access state ID identifying the access to revoke

reason
string
required

Reason for the revocation

Maximum string length: 255

Response

Access revocation created

An access revocation

application_id
string<uuid>
required

Application ID

id
string<uuid>
required

Access revocation ID

reason
string
required

Revocation reason

status
enum<string>
required

Current status of the revocation

Available options:
processing_access,
rejected,
revoked
grantee_user_id
string<uuid>

User ID of the grantee

inserted_at
string<date-time>

Creation timestamp

permission_ids
string<uuid>[] | null

Permission IDs being revoked

provisioning_type
enum<string> | null

Provisioning type

Available options:
application_admin,
automatic
requestor_user_id
string<uuid>

User ID of the requestor

resource_id
string<uuid> | null

Resource ID (null for app-wide revocations)