API Tokens

Revoke Organization API Token

Revokes a token scoped to this organization.

The path takes a token ID, not a name, because names are unique per user but not across users — an admin revoking a member’s token can’t disambiguate by name alone.

Authorization is symmetric with the list endpoint:

Admins and owners can revoke any token scoped to the organization (org-scoped or group-scoped, regardless of who minted it).
Members and viewers can revoke only tokens they minted themselves.

A token scoped to a different organization returns 404, not 403, so the endpoint does not leak the existence of cross-org token IDs. Unrestricted tokens are also unreachable here and must be revoked via DELETE /v1/auth/api-tokens/{tokenName}.

DELETE

organizations

{organizationSlug}

api-tokens

{tokenId}

curl -L -X DELETE 'https://api.turso.tech/v1/organizations/{organizationSlug}/api-tokens/{tokenId}' \
  -H 'Authorization: Bearer TOKEN'

{
  "token": "clGFZ4STEe6fljpFzIum8A"
}

This endpoint takes a token ID (not a name) because token names are not unique across users in an organization. Admins and owners may revoke any token scoped to the organization; members and viewers may only revoke tokens they minted themselves. Use DELETE /v1/auth/api-tokens/{tokenName} to revoke unrestricted tokens.

curl -L -X DELETE 'https://api.turso.tech/v1/organizations/{organizationSlug}/api-tokens/{tokenId}' \
  -H 'Authorization: Bearer TOKEN'

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

organizationSlug

string

required

The slug of the organization or user account.

tokenId

string

required

The ID of the token to revoke (from the list endpoint).

Response

200 - application/json

Successful response

token

string

The ID of the revoked token.

Example:

"clGFZ4STEe6fljpFzIum8A"

List (Organization)Vercel

Documentation Index

Authorizations

Path Parameters

Response