Skip to content

Removing from the allowlist

Privy allows you to easily remove a user's email address, phone number, or wallet address to the allowlist for your app.

Using @privy-io/server-auth

Use the PrivyClient's removeFromAllowlist method to remove a user from your allowlist.

tsx
const removedAllowlistEntry = await privy.removeFromAllowlist({
  type: 'email',
  value: 'batman@privy.io',
});

As a parameter to the method, pass an AllowlistEntryInput object with the following fields:

FieldTypeDescription
type'email' | 'phone' | 'wallet'The type of account to remove from the allowlist.
valuestringThe identifier of the account to remove from the allowlist. Should be the corresponding email address, phone number, or wallet address.

If the invitation is successful, the method will return an AllowlistEntry that represents the now-deleted allowlist entry. If the invitation fails, the method will throw an error.

Using the REST API

Make a DELETE request to:

sh
https://auth.privy.io/api/v1/apps/<your-privy-app-id>/allowlist

In the body of the request, include the following fields:

FieldTypeDescription
type'email' | 'phone' | 'wallet'The type of account to remove from the allowlist.
valuestringThe identifier of the account to remove from the allowlist. Should be the corresponding email address, phone number, or wallet address.

Below is a sample cURL command for deleting an email from the allowlist:

bash
curl --request DELETE 'https://auth.privy.io/api/v1/apps/<your-privy-app-id>/allowlist' \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>" \
-H 'Content-Type: application/json' \
--data-raw '{
    "type": "email",
    "value": "user@email.com"
}'

A successful response will include the deleted entry, like below:

json
{
    "id": "allowlist-entry-ID",
    "type": "email",
    "value": "user@email.com",
    "appId": "your-privy-app-ID"
},

If there is no corresponding allowlist entry for the invited account you attempted to delete, the response will include an error.

INFO

If a user has successfully logged into your application (e.g. after having been added to the allowlist), you must delete their user object, rather than deleting their allowlist entry—to revoke their access.