コンテンツにスキップ

Suspend an end user.

POST
/api/admin/users/{id}/suspend
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/admin/users/example/suspend \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "reason_code": "security_incident", "reason_detail": "Suspicious activity confirmed by support.", "duration_hours": 24, "revoke_tokens": true, "revoke_sessions": true, "notify_user": false }'

Suspend a user account with a structured reason code and optional token/session revocation flags.

id
required
string
X-Tenant-Id
string

Tenant selector for multi-tenant admin requests.

Idempotency-Key
string

Idempotency key for state-changing operations that support replay protection.

Media type application/json
object
reason_code
required
string
Allowed values: policy_violation security_incident account_abuse payment_issue user_request admin_action investigation compliance other
reason_detail
string
duration_hours
number
>= 1 <= 8760
revoke_tokens
boolean
revoke_sessions
boolean
notify_user
boolean
key
additional properties
Example
{
"reason_code": "security_incident",
"reason_detail": "Suspicious activity confirmed by support.",
"duration_hours": 24,
"revoke_tokens": true,
"revoke_sessions": true,
"notify_user": false
}

User status change response.

Media type application/json
object
user_id
required
string
status
required
string
Allowed values: suspended locked active
previous_status
required
string
effective_at
required
string format: date-time
expires_at

Present on temporary suspension responses.

string format: date-time
unlock_at

Present on lock responses when an unlock time was supplied.

string format: date-time
reason_code
required
string
revoked

Present on suspend and lock responses.

object
tokens
required

-1 means implicitly revoked through user status checks.

integer
sessions
required

-1 means implicitly revoked through user status checks.

integer
key
additional properties
key
additional properties
Example
{
"user_id": "user_123",
"status": "suspended",
"previous_status": "active",
"effective_at": "2026-06-19T00:00:00.000Z",
"expires_at": "2026-06-20T00:00:00.000Z",
"reason_code": "security_incident",
"revoked": {
"tokens": -1,
"sessions": -1
}
}