Revocation is a reshare that removes the delegated server share. After revocation, the developer can no longer act on the user’s behalf.
Revocation process:
- User (or your app) initiates revocation
- Dynamic performs a reshare ceremony
- Developer’s external share becomes invalid
- All delegated operations are immediately blocked
Revoke delegation
Use revokeWaasDelegation to revoke access for a wallet account.
import { getWalletAccounts } from '@dynamic-labs-sdk/client';
import { revokeWaasDelegation } from '@dynamic-labs-sdk/client/waas';
const walletAccounts = getWalletAccounts();
const walletAccount = walletAccounts[0];
await revokeWaasDelegation({ walletAccount });
With password encryption
If the wallet uses password encryption, provide the same password that was used when delegating.
import { getWalletAccounts } from '@dynamic-labs-sdk/client';
import { revokeWaasDelegation } from '@dynamic-labs-sdk/client/waas';
const walletAccounts = getWalletAccounts();
const walletAccount = walletAccounts[0];
await revokeWaasDelegation({ walletAccount, password: 'user-password' });
Parameters
| Parameter | Type | Required | Description |
|---|
walletAccount | WalletAccount | Yes | The WaaS wallet account to revoke delegation for |
password | string | No | Password used when delegating, if wallet is password-protected |
Webhook payload (wallet.delegation.revoked)
Your server receives this webhook after revocation completes:
{
"eventName": "wallet.delegation.revoked",
"eventId": "3f0a1b1c-0000-4000-8000-aaaaaaaaaaaa",
"timestamp": "2025-10-01T16:00:00.000Z",
"userId": "7eb7843b-2a4d-4f69-b95e-d219f0662fda",
"data": {
"walletId": "25193936-3ecd-4c1b-84e6-9eabc82e53c2",
"chain": "EVM"
}
}
Cleanup checklist (server)
- Invalidate cached delegated materials for the
walletId.
- Stop any delegated jobs/agents for the wallet.
- Remove or rotate stored delegated share and per‑wallet API key.
- Treat duplicate events as idempotent using
eventId.
Last modified on April 3, 2026