Skip to main content

Update user's refresh tokens state

The endpoint provides functionality to enable or disable refresh tokens of a user.

The required values are the userExtId retrieved upon user creation, and the instanceId of the customer.

For authorization, a JWT is required.


In Identity Cloud, the admin user can block and unblock a user from signing in. These operations automatically involve the disable or enable refresh tokens of a user.

HTTP request

PATCH https://${instanceId}${userExtId}/refresh-tokens


instanceId StringpathRequired The ID of the customer instance
userExtId UUIDpathRequired The ID of the searched user

Request body

You can modify the state attribute of the user's refresh tokens.

The state can only take two values.

  • active: To enable the refresh tokens of a user.
  • disabled: To disable the refresh tokens of a user.


state StringbodyRequired The state of the user's refresh tokens;
Values: active, disabled


Enable all of the user's refresh tokens.

"state": "active"

HTTP response

On success

HTTP/1.1 200 is returned if the user's refresh tokens is successfully modified.


If the user does not have any refresh token, this request will still be considered successful.

On failure

HTTP/1.1 401 is returned if the authorization failed due to an invalid JWT.

HTTP/1.1 404 is returned if no user is found with the given userExtId

HTTP/1.1 422 is returned if invalid request content was given.

HTTP/1.1 500 is returned if an unexpected error occurred.