Appearance
Removing from the allowlist
Privy allows you to easily remove a user's email address, phone number, or wallet address to the allowlist for your app.
Using @privy-io/server-auth
Use the PrivyClient's removeFromAllowlist method to remove a user from your allowlist.
tsx
const removedAllowlistEntry = await privy.removeFromAllowlist({
type: 'email',
value: '[email protected]',
});As a parameter to the method, pass an AllowlistEntryInput object with the following fields:
| Field | Type | Description |
|---|---|---|
type | 'email' | 'phone' | 'wallet' | The type of account to remove from the allowlist. |
value | string | The identifier of the account to remove from the allowlist. Should be the corresponding email address, phone number, or wallet address. |
If the invitation is successful, the method will return an AllowlistEntry that represents the now-deleted allowlist entry. If the invitation fails, the method will throw an error.
Using the REST API
Make a DELETE request to:
sh
https://auth.privy.io/api/v1/apps/<your-privy-app-ID>/allowlistIn the body of the request, include the following fields:
| Field | Type | Description |
|---|---|---|
type | 'email' | 'phone' | 'wallet' | The type of account to remove from the allowlist. |
value | string | The identifier of the account to remove from the allowlist. Should be the corresponding email address, phone number, or wallet address. |
Below is a sample cURL command for deleting an email from the allowlist:
bash
curl --request DELETE 'https://auth.privy.io/api/v1/apps/<your-privy-app-ID>/allowlist' \
-u ":<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-ID>" \
--data-raw '{
"type": "email",
"value": "[email protected]"
}'A successful response will include the deleted entry, like below:
json
{
"id": "allowlist-entry-ID",
"type": "email",
"value": "[email protected]",
"appId": "your-privy-app-ID"
},If there is no corresponding allowlist entry for the invited account you attempted to delete, the response will include an error.
INFO
If a user has successfully logged into your application (e.g. after having been added to the allowlist), you must delete their user object, rather than deleting their allowlist entry—to revoke their access.