POST /v1/rbac/assignments/revoke
Service: identity · operationId: (none)
Revoke a role assignment (soft-delete via revoked_at)
Required scopes
(no scope declared — review service config)
Request body
{
"type": "object",
"properties": {
"assignment_id": {
"type": "string",
"minLength": 1,
"description": "Role assignment ID to revoke"
}
},
"required": [
"assignment_id"
]
}Responses
200 Role revoked
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"subject_type": {
"type": "string",
"enum": [
"user",
"service"
]
},
"subject_id": {
"type": "string"
},
"brand_id": {
"type": "string"
},
"role": {
"type": "string"
},
"granted_at": {
"type": "string"
},
"granted_by": {
"type": "string"
},
"expires_at": {
"type": [
"string",
"null"
]
}
},
"required": [
"id",
"subject_type",
"subject_id",
"brand_id",
"role",
"granted_at",
"granted_by",
"expires_at"
]
}404 Assignment not found
{
"type": "object",
"properties": {
"error": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}Example
curl -X POST https://identity.platform.loop.health/v1/rbac/assignments/revoke \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ ... }'Related
services/identity— service overview- All endpoints — directory across services
- Auth model — how scopes are enforced