Skip to main content

Delete tokens


Deletes tokens.

The tokens deleted are those that match all the criteria in the token_ids, object_ids, tags, and tenant_id parameters. tenant_id is matched against the tenant ID of the object owning the token. If the token query finds no matches, the operation returns a 404 error. See delete tokens for more details.

The role performing this operation must have both of these:

  • The CapTokensWriter capability.
  • At least one allowing policy and no denying policies for the delete operation for the tokens resource of the specified collection.

See identity and access management for more information about how capabilities are used to control access to operations and policies are used to control access to data.


Header parameters

  • X-Tenant-Id - array of strings

    List of tenant IDs to enforce on the request.

Path parameters

  • collection - string required*

    The name of a collection.

Query parameters

  • object_ids - array of strings

    Comma-separated list of object IDs.

    Each string:
  • tags - array of strings

    Comma-separated list of tags.

  • token_ids - array of strings

    Comma-separated list of token IDs.

  • tenant_id - string

    A Tenant ID. Can only be provided as an additional filter to tokens_ids, object_ids, or tags. DEPREDATED: Use X-Tenant-Id header instead.

  • options - array of strings

    Options for the operation. Options include:

    • archived – whether to delete only archived tokens. If not specified, delete only active tokens.
    Each string:
  • adhoc_reason - string

    An ad-hoc reason for accessing the Vault data. Required when reason is set to Other.

  • reason - string required*

    Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.

  • reload_cache - boolean

    Reloads the cache before the action.

Possible responses

The request is successful.

Try the API


Path parameters

Query parameters


Navigate to the docs of your local Vault installation to try the API directly from there.

Code examples