> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turso.tech/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoke Organization API Token

> Revokes a token scoped to this organization.

The path takes a token **ID**, not a name, because names are unique per user but not across users — an admin revoking a member's token can't disambiguate by name alone.

Authorization is symmetric with the list endpoint:

- **Admins and owners** can revoke any token scoped to the organization (org-scoped or group-scoped, regardless of who minted it).
- **Members and viewers** can revoke only tokens they minted themselves.

A token scoped to a different organization returns `404`, not `403`, so the endpoint does not leak the existence of cross-org token IDs. Unrestricted tokens are also unreachable here and must be revoked via [`DELETE /v1/auth/api-tokens/{tokenName}`](/api-reference/tokens/revoke).

<Info>
  This endpoint takes a token **ID** (not a name) because token names are not unique across users in an organization. Admins and owners may revoke any token scoped to the organization; members and viewers may only revoke tokens they minted themselves. Use [`DELETE /v1/auth/api-tokens/{tokenName}`](/api-reference/tokens/revoke) to revoke unrestricted tokens.
</Info>

<RequestExample>
  ```bash cURL theme={null}
  curl -L -X DELETE 'https://api.turso.tech/v1/organizations/{organizationSlug}/api-tokens/{tokenId}' \
    -H 'Authorization: Bearer TOKEN'
  ```
</RequestExample>


## OpenAPI

````yaml DELETE /v1/organizations/{organizationSlug}/api-tokens/{tokenId}
openapi: 3.0.1
info:
  title: Turso Platform API
  description: API description here
  license:
    name: MIT
  version: 0.1.0
servers:
  - url: https://api.turso.tech
    description: Turso's Platform API
security: []
paths:
  /v1/organizations/{organizationSlug}/api-tokens/{tokenId}:
    delete:
      summary: Revoke Organization API Token
      description: >-
        Revokes a token scoped to this organization.


        The path takes a token **ID**, not a name, because names are unique per
        user but not across users — an admin revoking a member's token can't
        disambiguate by name alone.


        Authorization is symmetric with the list endpoint:


        - **Admins and owners** can revoke any token scoped to the organization
        (org-scoped or group-scoped, regardless of who minted it).

        - **Members and viewers** can revoke only tokens they minted themselves.


        A token scoped to a different organization returns `404`, not `403`, so
        the endpoint does not leak the existence of cross-org token IDs.
        Unrestricted tokens are also unreachable here and must be revoked via
        [`DELETE
        /v1/auth/api-tokens/{tokenName}`](/api-reference/tokens/revoke).
      operationId: revokeOrganizationAPIToken
      parameters:
        - $ref: '#/components/parameters/organizationSlug'
        - name: tokenId
          in: path
          required: true
          schema:
            type: string
          description: The ID of the token to revoke (from the list endpoint).
          example: clGFZ4STEe6fljpFzIum8A
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  token:
                    type: string
                    description: The ID of the revoked token.
                    example: clGFZ4STEe6fljpFzIum8A
components:
  parameters:
    organizationSlug:
      in: path
      name: organizationSlug
      required: true
      schema:
        type: string
      description: The slug of the organization or user account.

````