Remove Auth User
Remove an authorized user from the caller's account by deactivating their role assignment. This mutation does not delete the user — it sets the role assignment on the caller's account to INACTIVE, revoking their access. The account owner (OWNER role) cannot be removed through this endpoint.
The target account is always resolved from the caller's credentials — Bearer tokens use the token's account; Basic (API key) callers use the application's configured operator account. The authUserId must refer to a role assignment on that account; otherwise the request is rejected.
🔒 Restricted Access
This mutation requires the MANAGE_SUBUSERS scope. It supports both Bearer (user access token) and Basic (<API_KEY>) authentication.
```graphql
mutation RemoveAuthorizedUser(
  $authUserId: UUID!
) {
  removeAuthorizedUser(
    authUserId: $authUserId
  ) {
    success
    authUserId
    status
    error {
      code
      message
    }
  }
}
```

Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| authUserId | UUID | Yes | The authorized user ID (UAC role assignment ID) to deactivate. Obtain this from authorizedUsers or addAuthorizedUser. |
Response
Success Response
```json
{
  "data": {
    "removeAuthorizedUser": {
      "success": true,
      "authUserId": "8b2c1e0a-7d4f-4a9b-9c2d-1f3e4a5b6c7d",
      "status": "INACTIVE",
      "error": null
    }
  }
}
```

Response Fields
| Field | Type | Description |
|---|---|---|
| success | Boolean | true if the role assignment was successfully deactivated. |
| authUserId | UUID | The authorized user ID (UAC role assignment ID) that was updated. |
| status | UACRoleStatusType | Updated status of the role assignment. Will be INACTIVE on success. |
| error | AuthorizedUserError | If success is false, an Error object containing code and message. |
Note: This mutation returns errors in the response data, not as GraphQL errors. Always check the success field and handle the error object when success is false.
Example Request
```bash
curl -X POST https://transactional-graph.staging.fluzapp.com/api/v1/graphql \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your_access_token>" \
  -d '{
    "query": "mutation RemoveAuthorizedUser($authUserId: UUID!) { removeAuthorizedUser(authUserId: $authUserId) { success authUserId status error { code message } } }",
    "variables": {
      "authUserId": "8b2c1e0a-7d4f-4a9b-9c2d-1f3e4a5b6c7d"
    }
  }'
```

```javascript
// accessToken: a user access token that carries the MANAGE_SUBUSERS scope.
const response = await fetch('https://transactional-graph.staging.fluzapp.com/api/v1/graphql', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${accessToken}`
  },
  body: JSON.stringify({
    query: `
      mutation RemoveAuthorizedUser(
        $authUserId: UUID!
      ) {
        removeAuthorizedUser(
          authUserId: $authUserId
        ) {
          success
          authUserId
          status
          error {
            code
            message
          }
        }
      }
    `,
    variables: {
      authUserId: "8b2c1e0a-7d4f-4a9b-9c2d-1f3e4a5b6c7d"
    }
  })
});

const data = await response.json();

// Errors are returned inside the payload, so check success rather than the HTTP status alone.
if (data.data.removeAuthorizedUser.success) {
  console.log('Authorized user removed:', data.data.removeAuthorizedUser);
} else {
  console.error('Remove authorized user failed:', data.data.removeAuthorizedUser.error);
}
```

Error Codes
| Code | Message | Description |
|---|---|---|
| ARG-0002 | Missing required arguments | authUserId was not provided. |
| AUTH-0008 | Invalid user access | The caller could not be resolved from the access token or API key, or the Basic-auth application has no operator account configured. Verify your authentication credentials. |
| AUTH-0031 | The requested scopes must be granted by the user first. | The token is missing the MANAGE_SUBUSERS scope required to manage authorized users. |
| AUTH-0034 | No role assignment found for the provided authorized user on the specified account. | The authUserId does not exist on the caller's account, or the assignment is already INACTIVE. |
| AUTH-0036 | The account owner cannot be removed. | The referenced role assignment holds the OWNER role and cannot be removed through this endpoint. |
| AUTH-0037 | Unable to manage authorized user. Please try again or contact support. | A general failure occurred while deactivating the role assignment. Please retry or contact support. |
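
Because errors arrive inside the response data, a 200 response alone does not show that access was revoked. The following is an added example, not part of the original documentation or any Fluz SDK: it classifies a parsed response for an offboarding job, using the field names and error codes from this page; the outcome labels and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: decide whether a removeAuthorizedUser call actually revoked access.
// Error codes and field names come from this page; outcome labels are hypothetical.
const RETRYABLE = new Set(['AUTH-0037']);                            // general failure
const CALLER_FIX = new Set(['ARG-0002', 'AUTH-0008', 'AUTH-0031']);  // request or credentials

function classifyRemoval(requestedId, body) {
  // No payload (for example a transport-level GraphQL error): access state is unknown.
  const payload = body && body.data && body.data.removeAuthorizedUser;
  if (!payload) return { revoked: false, outcome: 'UNKNOWN' };

  if (payload.success) {
    // Count access as revoked only when the echoed ID and the status both match.
    const confirmed = payload.status === 'INACTIVE' &&
      String(payload.authUserId).toLowerCase() === requestedId.toLowerCase();
    return confirmed
      ? { revoked: true, outcome: 'DEACTIVATED' }
      : { revoked: false, outcome: 'MISMATCH' };
  }

  const code = payload.error ? payload.error.code : null;
  // AUTH-0034 covers both "already INACTIVE" and "not on this account", so it is
  // not proof of revocation: confirm the assignment via authorizedUsers.
  if (code === 'AUTH-0034') return { revoked: false, outcome: 'VERIFY_ASSIGNMENT' };
  if (code === 'AUTH-0036') return { revoked: false, outcome: 'OWNER_PROTECTED' };
  if (RETRYABLE.has(code)) return { revoked: false, outcome: 'RETRY' };
  if (CALLER_FIX.has(code)) return { revoked: false, outcome: 'FIX_CALLER' };
  return { revoked: false, outcome: 'UNKNOWN' };
}

// Constructed sample responses (not captured from the API).
const sampleId = '8b2c1e0a-7d4f-4a9b-9c2d-1f3e4a5b6c7d';
const samples = {
  ok: { data: { removeAuthorizedUser: {
    success: true, authUserId: sampleId, status: 'INACTIVE', error: null } } },
  notFound: { data: { removeAuthorizedUser: {
    success: false, authUserId: null, status: null,
    error: { code: 'AUTH-0034', message: 'constructed message' } } } },
  gqlError: { data: null, errors: [{ message: 'constructed transport-level error' }] },
};
for (const [name, body] of Object.entries(samples)) {
  console.log(name, classifyRemoval(sampleId, body));
}
```
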
