/v1/mgmt/agentic/identities/revokeAuthorization
Descope Project ID and Management Key Project ID:Management Key as bearer token.
In: header
Request Body
application/json
Revoke agentic identities and invalidate their consents — the same operation as revoking access in the Console. Combine filters to narrow scope:
clientId+userId— one user's grant to a specific agentconsentId+userId— a specific consent for a userresourceId+userId— all of a user's grants on one MCP server ResourceuserIdalone — all agentic identities for that user across every MCP server
Returns the number of identities revoked in revoked.
curl -X POST "https://api.descope.com/v1/mgmt/agentic/identities/revoke" \ -H "Content-Type: application/json" \ -d '{}'{ "revoked": 0}export interface Response {revoked?: number}Search agentic identities POST
List [agentic identities](/agentic-identity-hub/core-components/agents) — authorization records that bind an OAuth client to a user, tenant, or autonomous client. Filter by `clientId`, `resourceId`, `userId`, or `consentId`. Returns consent details, agent name, resource ID, and client ID for each identity. Use `page` (zero-based) and `limit` for pagination.
Rotate Access Key POST
Rotate an access key — regenerates the secret for an existing access key while preserving the same key ID, name, roles, tenants, expiry and metadata. The new cleartext is returned exactly once and the previous secret stops working immediately.