> ## Documentation Index
> Fetch the complete documentation index at: https://gcore.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoke user's access to account

> Revokes user's access to the specified account. If the specified user doesn't have access to multiple accounts, the user is deleted.



## OpenAPI

````yaml /api-reference/services_documented/iam_api.yaml delete /iam/clients/{clientId}/client-users/{userId}
openapi: 3.1.0
info:
  title: Gcore OpenAPI – IAM API
  description: >-
    This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore
    products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS
    Protection, Object Storage, Streaming, and FastEdge services.
  version: '2026-05-11T15:10:30.328297+00:00'
servers:
  - url: https://api.gcore.com
security:
  - APIKey: []
tags:
  - name: Account
    description: >-
      Account management operations including authentication, password
      management, and account details.
    x-displayName: Account
  - name: API Tokens
    description: >-
      Use permanent API tokens for regular automated requests to services.

      You can either set its validity period when creating it or issue a token
      for an unlimited time.

      Please address the API documentation of the specific product in order to
      check if it supports API tokens.


      Newer endpoints under `/v2/…` issue tokens using `_` (underscore) as the
      separator

      (for example `42_a1b2c3d4e5f6...`) and are the recommended way to create
      new tokens.

      Legacy endpoints that issue `$`-separated tokens are marked deprecated and
      will be removed

      on **2026-07-17**; tokens that were already issued keep authenticating.


      Provide your APIKey in the Authorization header.


      Example: ```curl -H "Authorization: APIKey 42_a1b2c3d4e5f6..."
      https://api.gcore.com/iam/users/me```


      Please note: When authorizing via SAML SSO, our system does not have any

      information about permissions given to the user by the identity provider.

      Even if the provider revokes the user's access rights, their tokens remain
      active.

      Therefore, if necessary, the token will need to be deleted manually.
    x-displayName: API Tokens
  - name: Users
    x-displayName: Users
paths:
  /iam/clients/{clientId}/client-users/{userId}:
    delete:
      tags:
        - Users
      summary: Revoke user's access to account
      description: >-
        Revokes user's access to the specified account. If the specified user
        doesn't have access to multiple accounts, the user is deleted.
      operationId: iamRevokeClientUserAccess
      parameters:
        - $ref: '#/components/parameters/UserID'
        - $ref: '#/components/parameters/ClientID'
      responses:
        '200':
          description: The user's access has been successfully revoked.
        '403':
          description: You do not have permission to perform this action.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RevokeUserAccessForbiddenError'
        '404':
          description: User is not found in the specified account.
      x-codeSamples:
        - lang: Python
          source: |-
            import os
            from gcore import Gcore

            client = Gcore(
                api_key=os.environ.get("GCORE_API_KEY"),  # This is the default and can be omitted
            )
            client.iam.users.delete(
                user_id=0,
                client_id=0,
            )
        - lang: Go
          source: "package main\n\nimport (\n\t\"context\"\n\n\t\"github.com/G-Core/gcore-go\"\n\t\"github.com/G-Core/gcore-go/iam\"\n\t\"github.com/G-Core/gcore-go/option\"\n)\n\nfunc main() {\n\tclient := gcore.NewClient(\n\t\toption.WithAPIKey(\"My API Key\"),\n\t)\n\terr := client.Iam.Users.Delete(\n\t\tcontext.TODO(),\n\t\t0,\n\t\tiam.UserDeleteParams{\n\t\t\tClientID: 0,\n\t\t},\n\t)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n}\n"
components:
  parameters:
    UserID:
      name: userId
      in: path
      required: true
      description: User's ID.
      schema:
        type: integer
    ClientID:
      name: clientId
      in: path
      required: true
      description: Account ID.
      schema:
        type: integer
  schemas:
    RevokeUserAccessForbiddenError:
      oneOf:
        - title: >-
            You do not have permission for the specified account to perform this
            action.
          type: object
          example:
            message: You do not have permission to perform this action.
        - $ref: '#/components/schemas/TokenConstrainsDeletion'
    TokenConstrainsDeletion:
      title: The specified user has API tokens.
      type: object
      properties:
        message:
          type: string
          description: >-
            The specified user has API tokens.

            Please [delete API tokens](DELETE
            /clients/{clientId}/tokens/{tokenId}) before the user deleting.
      example:
        message: You can't remove the user as they have active tokens
  securitySchemes:
    APIKey:
      description: >-
        API key for authentication. Make sure to include the word `apikey`,
        followed by a single space and then your token.

        Example: `apikey 1234$abcdef`
      type: apiKey
      in: header
      name: Authorization

````