> ## Documentation Index > Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt > Use this file to discover all available pages before exploring further. # Revoke an authorized client > Sets `revoked_at = now()`. Subsequent API calls carrying the JWT for this client return 401 immediately (the auth middleware checks `revoked_at` on every request via the `cid` JWT claim). Idempotent. ## OpenAPI ````yaml https://app.dynamic.xyz/api-docs/public-api.yaml delete /auth/clients/{authorizedClientId} openapi: 3.0.1 info: title: Dashboard API description: Dashboard API documentation version: 1.0.0 servers: - url: https://app.dynamicauth.com/api/v0 - url: https://app.dynamic.xyz/api/v0 - url: http://localhost:3333/api/v0 security: [] tags: - name: Analytics description: Query usage analytics and event counts for your environment. - name: SDK description: SDK-facing endpoints consumed by embedded Dynamic clients. - name: Organizations description: >- Manage organizations — the top-level container for all environments and projects. - name: Projects description: Manage projects that group related environments under an organization. - name: Environments description: >- Manage environments (live and sandbox) where your authentication configuration lives. - name: Users description: List, search, and manage authenticated users within an environment. - name: Invites description: >- Manage invitation links that grant specific external users access to your environment. - name: Tokens description: >- Create and manage API tokens used to authenticate requests to the Dynamic API. - name: Origins description: >- Configure allowed origins (CORS) for SDK and API access to your environment. - name: Allowlists description: >- Manage allowlists to control which wallet addresses or email addresses can access your environment. - name: Wallets description: View and manage wallets linked to users in your environment. - name: Members description: Manage team members and their roles within an organization. - name: Sessions description: View and revoke active user sessions within an environment. - name: Settings description: Read and update environment-level configuration settings. - name: Exchanges description: >- Configure exchange integrations (Coinbase, Binance, etc.) for fiat on-ramp within your environment. - name: Providers description: >- List, enable, disable, and configure authentication providers (OAuth, email, wallet, SMS, etc.) for your environment. - name: Captcha description: >- Configure captcha verification (provider, site key, secret key) for your environment. - name: Gates description: >- Define access gates that restrict environment entry to users who meet specific criteria. - name: Chains description: >- Manage the blockchain networks available for wallet connection in your environment. - name: Exports description: Export user and wallet data from your environment as downloadable files. - name: Events description: Browse the event log of actions performed within your environment. - name: Webhooks description: >- Create and manage webhooks to receive real-time events (user.created, wallet.linked, etc.) at your endpoint. - name: Custom Fields description: >- Define and manage custom metadata fields collected from users at sign-up or login. - name: MfaSettings description: >- Configure multi-factor authentication (MFA) policies for your organization. - name: Mfa description: Manage MFA enrollment and verification for individual users. - name: CustomHostnames description: >- Configure custom hostnames for white-labeling the Dynamic authentication experience. - name: TestAccount description: >- Manage test accounts used for automated testing and QA within an environment. - name: NameServices description: >- Configure name service integrations (ENS, Unstoppable Domains, etc.) for human-readable wallet addresses. - name: GlobalWallets description: >- Manage global wallets shared across multiple environments in an organization. - name: GlobalWalletConnections description: Configure which environments can access and use global wallets. - name: GlobalWalletAccessControl description: Control which users and roles can access and operate global wallets. - name: UserApiTokens description: >- Create and manage user-scoped API tokens for programmatic access on behalf of a user. - name: Waas description: Wallet-as-a-Service endpoints for creating and managing embedded wallets. - name: WalletConnect description: Configure WalletConnect integration settings for your environment. - name: Checkout description: >- Accept crypto payments and deposits from any wallet. Settle in any token you choose. - name: Flow description: >- Accept crypto payments, deposits, and withdrawals. Amount and destination are fixed server-side at create; the post-create lifecycle is driven with a capability session token. - name: Custom Networks description: >- Add and manage custom EVM-compatible networks beyond the built-in chain list. - name: Chainalysis description: >- Configure Chainalysis integration for blockchain address screening and risk assessment. - name: Visits description: Track and query user visit activity within your environment. - name: ExternalJwt description: >- Configure external JWT providers so existing auth tokens can be used with Dynamic. - name: SDK Views description: >- Manage SDK view configurations that customize the appearance of Dynamic modals and flows. - name: DeeplinkUrls description: Configure deep link URLs for mobile app integration with the Dynamic SDK. - name: OrganizationSettings description: >- Read and update organization-level settings such as approval workflow configuration. - name: AdminActions description: >- Manage admin action requests that require approval from another administrator. - name: ClientGrant description: | OAuth 2.0 Device Authorization Grant flow (RFC 8628) used by first-party Dynamic clients (CLI, MCP server, demo apps, IDE plugins) to obtain a revocable, 30-day client JWT without ever seeing the user's dashboard session token. - name: AuthorizedClients description: | Manage first-party clients (CLI / MCP / demo / IDE plugins) authorized to act as a dashboard user. Surfaced under Profile → Authorized Clients. paths: /auth/clients/{authorizedClientId}: delete: tags: - AuthorizedClients summary: Revoke an authorized client description: | Sets `revoked_at = now()`. Subsequent API calls carrying the JWT for this client return 401 immediately (the auth middleware checks `revoked_at` on every request via the `cid` JWT claim). Idempotent. operationId: revokeAuthorizedClient parameters: - in: path name: authorizedClientId required: true schema: $ref: '#/components/schemas/uuid' responses: '200': description: Authorized client revoked. content: application/json: schema: $ref: '#/components/schemas/AuthorizedClient' '401': $ref: '#/components/responses/Unauthorized' '404': description: Authorized client not found. '500': $ref: '#/components/responses/InternalServerError' components: schemas: uuid: type: string pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ minLength: 36 maxLength: 36 example: 95b11417-f18f-457f-8804-68e361f9164f AuthorizedClient: description: > A first-party client (CLI / MCP / demo / IDE plugin) authorized to act as the user via the OAuth grant flow. Surfaced in `Profile → Authorized Clients` for management. type: object required: - id - client_type - created_at - expires_at properties: id: $ref: '#/components/schemas/uuid' client_type: $ref: '#/components/schemas/ClientTypeEnum' client_name: description: Package or product name reported at grant time. type: string nullable: true client_version: description: Version reported at grant time. type: string nullable: true label: description: | User-editable label. Defaults to `client_metadata.hostname` at grant time; the user can rename it from the management UI. type: string nullable: true ip_at_grant: description: IP address recorded at grant approval time. type: string nullable: true created_at: type: string format: date-time last_used_at: description: > Timestamp of the most recent successful auth check. Sampled at most once per minute per client to avoid write amplification on hot loops. type: string format: date-time nullable: true revoked_at: description: When the client was revoked. Null = active. type: string format: date-time nullable: true expires_at: description: >- When the client's JWT naturally expires (typically 30 days post-grant). type: string format: date-time is_current: description: | True when the listing request's own JWT references this row. The UI uses this to render a "This client" badge and require extra confirmation on revoke. type: boolean ClientTypeEnum: description: > Type of first-party client being authorized. `cli` for the dyn CLI, `mcp` for an MCP server, `demo` for demo applications oauth-ing into redcoast, `ide-plugin` for editor extensions, and `other` as a catch-all. type: string enum: - cli - mcp - demo - ide-plugin - other Unauthorized: type: object properties: error: description: Human-readable error message describing the authentication failure type: string example: No jwt provided! InternalServerError: type: object properties: error: description: Human-readable error message type: string example: Internal Server Error responses: Unauthorized: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Unauthorized' InternalServerError: description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/InternalServerError' ````