Revoke a user's access
Revokes the user — blocks login, kills active sessions, and hides them from pickers. The row is kept (reinstate restores it). Revoking yourself is forbidden.
The per-tenant API key, copied from Settings → API & integrations. Sent as the `x-api-key` request header. The key is tenant-scoped and acts with Admin-equivalent, tenant-wide access.
In: header
Path Parameters
Resource id.
```bash
curl -X POST "https://example.com/users/497f6eca-6276-4993-bfeb-53cbbbba6f08/revoke" \
  -H "x-api-key: <your-api-key>"
```

Response Body

application/json (success):

```json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "status": "revoked"
}
```

application/json (error code `unauthorized`):

```json
{
  "error": {
    "code": "unauthorized",
    "message": "Missing or invalid API key."
  }
}
```

application/json (error code `read_only`):

```json
{
  "error": {
    "code": "read_only",
    "message": "Your subscription is inactive. This action is read-only."
  }
}
```

application/json (error code `not_found`):

```json
{
  "error": {
    "code": "not_found",
    "message": "Not found."
  }
}
```

Reset a user's password POST
Sets a new password for the user (≥4 chars), signing them out of every device. Returns the credentials to share (no email in v1).
Update a user PATCH
Edits a user's `name` and/or account `role` (Site Crew ⇄ Admin) and returns the updated user. The key is tenant-Admin-equivalent: it can't change its own acting admin's role, nor demote the **last** admin (either is `403`). Email and password are not editable here — use `POST /users/{id}/reset-password` for the password. Provide at least one of `name`/`role` (an empty body is `422`).
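For the revoke endpoint documented above, an offboarding job should count a user as revoked only when the response body says so, since every documented error body leaves the request unconfirmed. The following Python is an added example, not code from this API's documentation; the `TENANT_API_KEY` variable name and the UUID-only id check are assumptions, and `https://example.com` is the placeholder host from the page's curl sample.

```python
import json
import os
import urllib.error
import urllib.request
import uuid

BASE_URL = "https://example.com"  # placeholder host, as in the page's curl sample


def build_revoke_request(user_id: str, api_key: str) -> urllib.request.Request:
    """Build POST /users/{id}/revoke with the key in the x-api-key header."""
    # Assumption: ids are UUIDs, like the sample id on the page. Parsing first
    # keeps stray "/" or "?" in operator input from altering the request path.
    uid = str(uuid.UUID(user_id))
    if not api_key:
        raise ValueError("API key is empty")
    return urllib.request.Request(
        f"{BASE_URL}/users/{uid}/revoke",
        method="POST",
        headers={"x-api-key": api_key},
    )


def revocation_confirmed(user_id: str, body: str) -> tuple[bool, str]:
    """Return (True, "revoked") only if the body confirms this user is revoked."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return False, "unparseable response"
    if not isinstance(doc, dict):
        return False, "unexpected response"
    if doc.get("status") == "revoked" and doc.get("id") == str(uuid.UUID(user_id)):
        return True, "revoked"
    err = doc.get("error")
    # Documented codes: unauthorized, read_only, not_found. None of them
    # confirms the revocation, so the caller must not mark offboarding done.
    code = err.get("code", "unexpected response") if isinstance(err, dict) else "unexpected response"
    return False, str(code)


def revoke_user(user_id: str) -> tuple[bool, str]:
    # Hypothetical variable name; the key is Admin-equivalent, so it is read
    # from the environment rather than passed on the command line.
    req = build_revoke_request(user_id, os.environ["TENANT_API_KEY"])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read().decode(errors="replace")
    except urllib.error.HTTPError as exc:
        body = exc.read().decode(errors="replace")
    return revocation_confirmed(user_id, body)
```

`revoke_user` returns `(False, "read_only")` for an inactive subscription, which is the case most likely to be missed if a script checks only that the call completed.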