Skip to main content
curl -X DELETE "$API_BASE_URL/v1/org/$ORG_ID/contexts/sign-in/$CTX_ID/policies/$POLICY_ID/emails" \
  -H "x-auth-token: $NETGRAPH_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "emails": ["alice@acme.com"],
    "revokeUserEngagement": true
  }'

{
  "policyEmails": ["*@external.example.com", "bob@acme.com"],
  "removedEmails": [
    {
      "email": "alice@acme.com",
      "revokedLoginsForSelfProvisioning": 3,
      "revokedLoginsForMeetingHost": 0,
      "revokedWhitelisting": 0,
      "revokeLoginsforConferences": 1
    }
  ]
}
Removes email addresses or patterns from an access policy and, by default, revokes any active sign-ins the departing emails have made through modules gated by this policy.

Request

organizationId
string
required
Organization ID.
contextId
string
required
Sign-In Context ID.
accessPolicyId
string
required
Access policy UUID.
x-auth-token
string
required
Context API key.
emails
string[]
required
List of email addresses or patterns to remove. Entries that are not in the policy are ignored.
revokeUserEngagement
boolean
default:"true"
When true (default), active sign-ins associated with the removed emails are revoked. Set false to leave existing sessions intact and only prevent future sign-ins.
curl -X DELETE "$API_BASE_URL/v1/org/$ORG_ID/contexts/sign-in/$CTX_ID/policies/$POLICY_ID/emails" \
  -H "x-auth-token: $NETGRAPH_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "emails": ["alice@acme.com"],
    "revokeUserEngagement": true
  }'

Response

policyEmails
string[]
Emails still in the policy after the removal.
removedEmails
object[]
One entry per email that was actually removed, including how many active sign-ins (per module) were revoked.
{
  "policyEmails": ["*@external.example.com", "bob@acme.com"],
  "removedEmails": [
    {
      "email": "alice@acme.com",
      "revokedLoginsForSelfProvisioning": 3,
      "revokedLoginsForMeetingHost": 0,
      "revokedWhitelisting": 0,
      "revokeLoginsforConferences": 1
    }
  ]
}