Skip to main content
POST
http://localhost:8001
/
revocation
/
cascade
/
{jti}
curl -X POST http://localhost:8001/revocation/cascade/8a3b9c4d-e5f6-7890-abcd-1234567890ab \
  -H "Content-Type: application/json" \
  -d '{
    "token_type": "bearer",
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "reason": "Security incident — revoking entire token chain"
  }'

{
  "revoked_count": 5,
  "revoked_jtis": [
    "8a3b9c4d-e5f6-7890-abcd-1234567890ab",
    "c1d2e3f4-a5b6-7890-cdef-1234567890ab",
    "d2e3f4a5-b6c7-8901-def0-234567890abc",
    "e3f4a5b6-c7d8-9012-ef01-345678901bcd",
    "f4a5b6c7-d8e9-0123-f012-456789012cde"
  ]
}
The auth service is deployed on a private network. All endpoints except /health are internal management-plane operations.

Path Parameters

jti
string
required
JTI of the root token to cascade-revoke from.

Request Body

token_type
string
required
Type of the root token. Accepted values: app, bearer, agent, subagent, session, override.
customer_id
string
required
UUID of the customer that owns the token.
reason
string
Reason for cascade revocation. Stored in the revocation log for all revoked tokens.

Response

revoked_count
integer
Total number of tokens revoked (including the root token).
revoked_jtis
string[]
List of all revoked JTIs.
curl -X POST http://localhost:8001/revocation/cascade/8a3b9c4d-e5f6-7890-abcd-1234567890ab \
  -H "Content-Type: application/json" \
  -d '{
    "token_type": "bearer",
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "reason": "Security incident — revoking entire token chain"
  }'

{
  "revoked_count": 5,
  "revoked_jtis": [
    "8a3b9c4d-e5f6-7890-abcd-1234567890ab",
    "c1d2e3f4-a5b6-7890-cdef-1234567890ab",
    "d2e3f4a5-b6c7-8901-def0-234567890abc",
    "e3f4a5b6-c7d8-9012-ef01-345678901bcd",
    "f4a5b6c7-d8e9-0123-f012-456789012cde"
  ]
}