Appearance
Removing from the allow list
Privy allows you to easily remove a user's email address, phone number, or wallet address to the allow list for your app.
Using @privy-io/server-auth
Use the PrivyClient's removeFromAllowlist method to remove a user from your allow list.
tsx
const removedAllowlistEntry = await privy.removeFromAllowlist({
type: 'email',
value: 'batman@privy.io',
});As a parameter to the method, pass an AllowlistEntryInput object with the following fields:
| Field | Type | Description |
|---|---|---|
type | 'email' | 'phone' | 'wallet' | The type of account to remove from the allow list. |
value | string | The identifier of the account to remove from the allow list. Should be the corresponding email address, phone number, or wallet address. |
If the invitation is successful, the method will return an AllowlistEntry that represents the now-deleted allow list entry. If the invitation fails, the method will throw an error.
Using the REST API
Make a DELETE request to:
sh
https://auth.privy.io/api/v1/apps/<your-privy-app-id>/allowlistIn the body of the request, include the following fields:
| Field | Type | Description |
|---|---|---|
type | 'email' | 'phone' | 'wallet' | The type of account to remove from the allow list. |
value | string | The identifier of the account to remove from the allow list. Should be the corresponding email address, phone number, or wallet address. |
Below is a sample cURL command for deleting an email from the allow list:
bash
curl --request DELETE 'https://auth.privy.io/api/v1/apps/<your-privy-app-id>/allowlist' \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H 'Content-Type: application/json' \
--data-raw '{
"type": "email",
"value": "user@email.com"
}'A successful response will include a message, such as:
json
{
"message": "Successfully deleted from allowlist"
}If there is no corresponding allow list entry for the invited account you attempted to delete, the response will include an error.
INFO
If a user has successfully logged into your application (e.g. after having been added to the allow list), you must delete their user object, rather than deleting their allow list entry—to revoke their access.