/v1/mgmt/agentic/identities/searchAuthorization
Descope Project ID and Management Key Project ID:Management Key as bearer token.
In: header
Request Body
application/json
Page number starting with 0 for the first page
int32int32List agentic identities — authorization records that bind an OAuth client to a user, tenant, or autonomous client. Filter by clientId, resourceId, userId, or consentId. Returns consent details, agent name, resource ID, and client ID for each identity.
Use page (zero-based) and limit for pagination.
curl -X POST "https://api.descope.com/v1/mgmt/agentic/identities/search" \ -H "Content-Type: application/json" \ -d '{}'{ "identities": [ { "consent": { "id": "string", "appId": "string", "userId": "string", "scopes": [ "string" ], "grantedBy": "string", "createdTime": 0, "tenantId": "string", "ExpireTime": 0, "modifiedTime": 0 }, "agentName": "string", "resourceId": "string", "clientId": "string", "createdBy": "string" } ], "total": 0}export interface Response {identities?: AgenticIdentity[]total?: number}export interface AgenticIdentity {consent?: ThirdPartyApplicationConsentagentName?: stringresourceId?: stringclientId?: stringcreatedBy?: string}export interface ThirdPartyApplicationConsent {id?: stringappId?: stringuserId?: stringscopes?: string[]grantedBy?: stringcreatedTime?: numbertenantId?: stringExpireTime?: numbermodifiedTime?: number}Batch Upload Outbound App Tenant OAuth Tokens POST
### Batch upload tenant OAuth tokens for an outbound application Import pre-existing tenant-scoped OAuth tokens in a single request. This operation is all-or-nothing: if any token fails validation, the entire batch is rejected and no tokens are committed. Fix the reported failures and retry the full batch. Requires a management key.
Revoke agentic identities POST
Revoke agentic identities and invalidate their consents — the same operation as [revoking access in the Console](/agentic-identity-hub/core-components/agents#revoking-access). Combine filters to narrow scope: - `clientId` + `userId` — one user's grant to a specific agent - `consentId` + `userId` — a specific consent for a user - `resourceId` + `userId` — all of a user's grants on one MCP server [Resource](/resources) - `userId` alone — all agentic identities for that user across every MCP server Returns the number of identities revoked in `revoked`.