Revoke tokens for devices.

Published on Mar 2, 2026

3 minute read

Prev Next

Post

/on-boarded-devices/revoke-tokens

Revoke tokens for devices according to the request parameters.

Security

HTTP

Type bearer

Body parameters

Device revocation parameters.

object

Details for token revocation request.

distinguishedNameFilter

string Required

The filter to find devices by their distinguished names. It is used with "starts with" logic. If a full distinguished name is passed, then a single device will be affected. If "OU=ldap" is passed, then all devices for "ldap" identity provider will be affected. If left as empty string "", then all active devices past 24 hours will be affected. Cannot be null.

ExampleCN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

specificDistinguishedNames

Array of string

Specific distinguished names can be defined to renew tokens in bulk for a specific list of devices. "distinguishedNameFilter" field should be empty string for this to work.

string

ExampleCN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

siteId

string (uuid)

Optional parameter to revoke only devices that connected to the given Site ID.

tokenType

string

Optional parameter to revoke only certain types of tokens.

Valid values[ "Claims", "AdminClaims", "Entitlement", "Administration" ]

revocationReason

string

Optional reason text for the revocation. The value is stored and logged.

ExamplePushing the policy changes.

delayMinutes

integer

The delay time for client token revocation in minutes. Client will renew the token(s) at least 5 minutes before the revocation time, without losing connection.

Default5

devicesPerSecond

number

In order to spread the workload on the Controllers, tokens are revoked in batches according to this value.

Default2.0

Responses

200

Device tokens were revoked successfully. Returns the list of devices affected.

Expand All

object

range

string

The range applied to the list. Format: -/. 3-5/8 means, out of 8 count (query affects the total), the items between (including) the 3rd and the 5th are returned.

Example0-30/54

orderBy

string

The field name used to sort the list.

Examplename

descending

boolean

Whether the sorting is applied descending or ascending.

queries

Array of string

The queries applied to the list.

string

totalCount

integer

The total readable count of entities. Not influenced by the query.

Example328

filterBy

Array of object (FilterBy)

The filters applied to the list.

object

name

string

The field name the filter is applied to.

Examplename

value

string

The value used for comparison.

ExampleAWS

data

Array of object (OnBoardedDevice)

List of Registered Devices.

object

distinguishedName

string

Distinguished name of a user&device combination. Format: "CN=,CN=,OU="

ExampleCN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

deviceId

string (uuid)

The device ID, same as the one in the Distinguished Name.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc

username

string

The username, same as the one in the Distinguished Name.

Exampleuser

providerName

string

The provider name of the user, same as the one in the Distinguished Name.

Exampleldap

device_type

string

Type of the registered device.

Valid values[ "Client", "Admin", "Client/Admin" ]

hostname

string

Hostname of the Device at the time of registration, sent by the Device.

Exampleuser.ad.company.com

onBoardedAt

string (date-time)

Registration time.

lastSeenAt

string (date-time)

The time when the device last signed in. 'null' if it has signed in last on a Controller that was older than 5.4 at the time.

400

JSON error. Check the JSON format.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

401

Token error. Login again.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

403

Insufficient permissions to access this resource.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

406

Invalid 'Accept' header.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

422

Request validation error. Check "errors" array for details.

Expand All

object

Http 422 error for object validation.

string

Machine readable error code.

message

string

Human readable error details.

errors

Array of object

List of fields with validation errors.

object

field

string

Name of the field that failed validation.

Examplename

message

string

Failure reason.

Examplemay not be null

500

Unexpected server side error.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

Was this article helpful?