コンテンツにスキップ

Lock an end user.

POST
/api/admin/users/{id}/lock
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/admin/users/example/lock \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "reason_code": "compromised_credentials", "reason_detail": "Password reset required before reactivation.", "unlock_at": "2026-06-20T00:00:00.000Z", "revoke_tokens": true, "revoke_sessions": true }'

Lock a user account with a structured reason code, optional unlock time, and optional token/session revocation flags.

id
required
string
X-Tenant-Id
string

Tenant selector for multi-tenant admin requests.

Idempotency-Key
string

Idempotency key for state-changing operations that support replay protection.

Media type application/json
object
reason_code
required
string
Allowed values: brute_force suspicious_activity compromised_credentials security_incident admin_action investigation compliance other
reason_detail
string
unlock_at
string format: date-time
revoke_tokens
boolean
revoke_sessions
boolean
key
additional properties
Example
{
"reason_code": "compromised_credentials",
"reason_detail": "Password reset required before reactivation.",
"unlock_at": "2026-06-20T00:00:00.000Z",
"revoke_tokens": true,
"revoke_sessions": true
}

User status change response.

Media type application/json
object
user_id
required
string
status
required
string
Allowed values: suspended locked active
previous_status
required
string
effective_at
required
string format: date-time
expires_at

Present on temporary suspension responses.

string format: date-time
unlock_at

Present on lock responses when an unlock time was supplied.

string format: date-time
reason_code
required
string
revoked

Present on suspend and lock responses.

object
tokens
required

-1 means implicitly revoked through user status checks.

integer
sessions
required

-1 means implicitly revoked through user status checks.

integer
key
additional properties
key
additional properties
Example
{
"user_id": "user_123",
"status": "suspended",
"previous_status": "active",
"effective_at": "2026-06-19T00:00:00.000Z",
"expires_at": "2026-06-20T00:00:00.000Z",
"reason_code": "security_incident",
"revoked": {
"tokens": -1,
"sessions": -1
}
}