Revoke every trusted device for the caller

DELETE

/v1/identity/auth/mfa/trusted-devices

Authentication

Bearer Token Authorization
JWT access token

Code samples

cURL

JavaScript

Python

curl -X DELETE "https://api.canopy.dev/v1/identity/auth/mfa/trusted-devices" \
  -H "Authorization: Bearer $CANOPY_TOKEN"

const response = await fetch("https://api.canopy.dev/v1/identity/auth/mfa/trusted-devices", {
  method: "DELETE",
  headers: {
    "Authorization": "Bearer $CANOPY_TOKEN"
  },
});

const data = await response.json();

import requests

response = requests.delete(
    "https://api.canopy.dev/v1/identity/auth/mfa/trusted-devices",
    headers={
    "Authorization": "Bearer $CANOPY_TOKEN"
    },
)

data = response.json()

package main

import (
	"net/http"
)

func main() {
	req, _ := http.NewRequest("DELETE", "https://api.canopy.dev/v1/identity/auth/mfa/trusted-devices", nil)
	req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")

	resp, _ := http.DefaultClient.Do(req)
	defer resp.Body.Close()
}

Responses

204 Deletes every row for the identity, regardless of env. Use this for 'sign out everywhere'-style flows.

401 Invalid or expired token

403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

On this page

GETList enrolled MFA factors for the caller
POSTBegin TOTP factor enrollment
POSTComplete TOTP factor enrollment
POSTBegin WebAuthn factor enrollment
POSTComplete WebAuthn factor enrollment
POSTProve a fresh factor to authorise a sensitive MFA mutation
POSTBegin a WebAuthn-backed step-up ceremony
POSTComplete a WebAuthn step-up ceremony
DELETERemove an enrolled MFA factor
POSTRegenerate the identity's single-use recovery codes
GETList the identity's active 'remember this device' records
DELETERevoke a single trusted device

Revoke every trusted device for the caller

Authentication

Code samples

Responses

Related endpoints