> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fluz.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Remove Authorized User

Remove an authorized user from the caller's account by deactivating their role assignment. This mutation does not delete the user — it sets the role assignment on the caller's account to `INACTIVE`, revoking their access. The account owner (`OWNER` role) cannot be removed through this endpoint.

The target account is always resolved from the caller's credentials — Bearer tokens use the token's account; Basic (API key) callers use the application's configured operator account. The `authUserId` must refer to a role assignment on that account; otherwise the request is rejected.

🔒 Restricted Access

This mutation requires the `MANAGE_SUBUSERS` scope. It supports both Bearer (user access token) and Basic (`<API_KEY>`) authentication.

```graphql theme={null}
mutation RemoveAuthorizedUser(
  $authUserId: UUID!
) {
  removeAuthorizedUser(
    authUserId: $authUserId
  ) {
    success
    authUserId
    status
    error {
      code
      message
    }
  }
}
```

<br />

### Parameters

| Parameter  | Type | Required | Description                                                                                                               |
| :--------- | :--- | :------- | :------------------------------------------------------------------------------------------------------------------------ |
| authUserId | UUID | Yes      | The authorized user ID (UAC role assignment ID) to deactivate. Obtain this from `authorizedUsers` or `addAuthorizedUser`. |

<br />

### Response

#### Success Response

```json theme={null}
{
  "data": {
    "removeAuthorizedUser": {
      "success": true,
      "authUserId": "8b2c1e0a-7d4f-4a9b-9c2d-1f3e4a5b6c7d",
      "status": "INACTIVE",
      "error": null
    }
  }
}
```

<br />

### Response Fields

| Field        | Type                | Description                                                             |
| :----------- | :------------------ | :---------------------------------------------------------------------- |
| `success`    | Boolean             | `true` if the role assignment was successfully deactivated.             |
| `authUserId` | UUID                | The authorized user ID (UAC role assignment ID) that was updated.       |
| `status`     | UACRoleStatusType   | Updated status of the role assignment. Will be `INACTIVE` on success.   |
| `error`      | AuthorizedUserError | If `success` is false, an Error object containing `code` and `message`. |

<br />

<Note>
  This mutation returns errors in the response data, not as GraphQL errors. Always check the `success` field and handle the `error` object when `success` is false.
</Note>

### Example Request

```curl theme={null}
curl -X POST https://transactional-graph.staging.fluzapp.com/api/v1/graphql \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your_access_token>" \
  -d '{
  "query": "mutation RemoveAuthorizedUser($authUserId: UUID!) { removeAuthorizedUser(authUserId: $authUserId) { success authUserId status error { code message } } }",
  "variables": {
    "authUserId": "8b2c1e0a-7d4f-4a9b-9c2d-1f3e4a5b6c7d"
  }
}'
```

```typescript theme={null}
const response = await fetch('https://transactional-graph.staging.fluzapp.com/api/v1/graphql', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${accessToken}`
  },
  body: JSON.stringify({
    query: `
      mutation RemoveAuthorizedUser(
        $authUserId: UUID!
      ) {
        removeAuthorizedUser(
          authUserId: $authUserId
        ) {
          success
          authUserId
          status
          error {
            code
            message
          }
        }
      }
    `,
    variables: {
      authUserId: "8b2c1e0a-7d4f-4a9b-9c2d-1f3e4a5b6c7d"
    }
  })
});

const data = await response.json();

if (data.data.removeAuthorizedUser.success) {
  console.log('Authorized user removed:', data.data.removeAuthorizedUser);
} else {
  console.error('Remove authorized user failed:', data.data.removeAuthorizedUser.error);
}
```

### Error Codes

| Code        | Message                                                                             | Description                                                                                                                                                                  |
| :---------- | :---------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `ARG-0002`  | Missing required arguments                                                          | `authUserId` was not provided.                                                                                                                                               |
| `AUTH-0008` | Invalid user access                                                                 | The caller could not be resolved from the access token or API key, or the Basic-auth application has no operator account configured. Verify your authentication credentials. |
| `AUTH-0031` | The requested scopes must be granted by the user first.                             | The token is missing the `MANAGE_SUBUSERS` scope required to manage authorized users.                                                                                        |
| `AUTH-0034` | No role assignment found for the provided authorized user on the specified account. | The `authUserId` does not exist on the caller's account, or the assignment is already `INACTIVE`.                                                                            |
| `AUTH-0036` | The account owner cannot be removed.                                                | The referenced role assignment holds the `OWNER` role and cannot be removed through this endpoint.                                                                           |
| `AUTH-0037` | Unable to manage authorized user. Please try again or contact support.              | A general failure occurred while deactivating the role assignment. Please retry or contact support.                                                                          |

<br />
