Revoke Flow Access

This endpoint allows administrators to revoke a specific user's access to a specific flow. The system will remove the flow permission from the user's API key.

Endpoint

POST /api/v1/langflow/admin/permissions/revoke

Authentication

Requires Admin authentication:

  • Valid JWT token
  • Admin role verification via middleware

Request Format

Sent as application/json.

Request Body

Both fields are required for revoking flow access.

Field    Type     Description
userId   string   The ID of the user whose access is revoked
flowId   string   The ID of the flow to revoke access to

Example Request

curl --location 'https://8ehqmu89grlsbn-8001.proxy.runpod.net/api/v1/langflow/admin/permissions/revoke' \
--header 'Authorization: Bearer YOUR_JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data '{
  "userId": "user123",
  "flowId": "550e8400-e29b-41d4-a716-446655440000"
}'

Response Format

Success Response

Status Code: 200 OK

When the flow access is successfully revoked, the endpoint returns a simple success status.

{
  "message": "Flow access revoked successfully"
}

Error Responses

Missing Fields

Status Code: 400 Bad Request

{
  "error": "Missing userId or flowId in request body"
}

User Doesn't Have Access

Status Code: 404 Not Found

Returned when the user doesn't have access to the specified flow.

{
  "error": "User doesn't have access to this flow"
}

Unauthorized

Status Code: 401 Unauthorized

{
  "error": "Unauthorized access"
}

Server Error

Status Code: 500 Internal Server Error

{
  "error": "Internal server error"
}

Notes

  • Only administrators can revoke flow access
  • The user must currently have access to the flow for revocation to succeed
  • The user's API key remains active; only the specific flow permission is removed
  • If this was the user's last flow permission, they may still retain the API key
  • The admin who revokes access is tracked for audit purposes
  • Revocation takes effect immediately and cannot be undone; to restore access, the permission must be granted again
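
An offboarding-style client for this endpoint, as an added example that is not part of the original documentation: it revokes several flows for one user and maps the documented status codes to outcomes. The function names, outcome labels and `base_url` parameter are hypothetical; counting a 404 as "access already absent" only when it carries the documented error body, and stopping on 401, are choices made for this example.

```python
import json
import urllib.error
import urllib.request
# Added example: function and outcome names are hypothetical, not part of the API.
REVOKE_PATH = "/api/v1/langflow/admin/permissions/revoke"
NO_ACCESS_ERROR = "User doesn't have access to this flow"
OUTCOMES = {200: "revoked", 400: "bad_request", 401: "unauthorized",
            404: "no_access", 500: "server_error"}

def _parse(raw):
    """Return the JSON object in raw, or {} if it is not a JSON object."""
    try:
        body = json.loads(raw or b"{}")
    except ValueError:
        return {}
    return body if isinstance(body, dict) else {}

def http_post(url, token, payload):
    """POST the JSON body with the admin JWT; return (status, body dict)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, _parse(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a JSON body
        return err.code, _parse(err.read())

def classify(status, body):
    """Map a response to an outcome; a 404 counts only with the documented error."""
    if status == 404 and body.get("error") != NO_ACCESS_ERROR:
        return "unexpected_404"  # e.g. wrong path or a proxy-generated 404
    return OUTCOMES.get(status, f"unexpected_{status}")

def revoke_flows(base_url, token, user_id, flow_ids, post=http_post):
    """Revoke each flow for one user; return {flow_id: outcome}."""
    results = {}
    for flow_id in flow_ids:
        status, body = post(base_url + REVOKE_PATH, token,
                            {"userId": user_id, "flowId": flow_id})
        results[flow_id] = classify(status, body)
        if results[flow_id] == "unauthorized":
            break  # bad or non-admin JWT: remaining calls would fail too
    return results

def access_removed(results, flow_ids):
    """True only if every requested flow ended as revoked or no_access."""
    return all(results.get(f) in ("revoked", "no_access") for f in flow_ids)
```

Flows missing from the returned mapping were never attempted, so `access_removed` reports failure for them rather than assuming success.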