Contentful logo

Contentful Community

Revoking other users' personal access tokens

Is there a way for an administrator to revoke other users’ personal access tokens through the UI or the management API? It looks like we’re only able to view the access tokens that we’ve personally created on the api/cma_tokens page, and when experimenting with the code in the API docs, it also seems like the only tokens that the admin is able to see are the ones that the admin has personally created.

2 Likes

Hi @evanl,

Welcome to the Contentful Community!

Personal Access Tokens are bound to a user, not a space or organization. As such no one but the user owning the access token can revoke it. The token also takes its permissions from this user. Instead of revoking a token, instead remove the access of the user.