POST /oauth/admin/grants/{GrantID}/actions

Executes a valid workflow action associated with the specified OAuth grant.

Grant administration is done by performing an action on a grant. For example, the action to revoke the grant could be done by the resource owner, client administrator, or provider administrator. There are reserved actions used by the provider as part of the grant issue process.

Custom actions can be introduced by customizing the workflow definition. Each action can be restricted by the user's roles, and an action can change the grant state.

Note: Workflow actions relating to OAuth are controlled by the OAuth workflow, which you can customize if needed. For more information, review the attached default OAuth grant workflow (correct as of version 8.4) or download the latest in the developer portal: Administration > Workflows > workflow:definition:oauth:grant:default:1.0.0.

For more information about revoking a grant, see OAuth: Revoking a Grant.

Authorization Roles/Permissions: Must be an authorized user for the resource. Authentication cookie is required. Some workflow actions require that the user is either an app team member or a Site Administrator (as noted).

HTTP Method

POST

Sample Request

The example below shows a request to change the grant status from Pending to Declined.

Request URL

POST http://{oauth-provider-url}/oauth/admin/grants/ah27khdbb4kk/actions

Sample request headers

POST http://{oauth-provider-url}/oauth/admin/grants/ah27khdbb4kk/actions HTTP/1.1
Content-Type: application/json
Host: {oauth-provider-url}
Cookie: OAuthToken_{OAuthProviderName}

Sample request body



Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header | Description
Accept | application/json
Content-Type | application/json
OAuthToken_{OAuthProviderName} | The OAuth cookie that identifies the logged-in user with the provider. Depending on the operation being used and the context, the authenticated user could be the resource owner, the administrator, the client app administrator, or the OAuth Provider. The cookie is returned after logging in with the POST /oauth/login operation.


Request Parameters

Parameter | Parm Type | Data Type | Required | Description
GrantID | Path | string | Required | The unique ID for a specific instance of an OAuth grant.
ActionRequest | POST | ActionRequest | Required | Contains information about a request for a workflow action associated with a specific OAuth grant.

Request Payload, Additional Notes

The possible values for ACTION when using the out-of-box workflow definition are below. For a custom workflow, the list could be different based on the workflow definition. The default values are:

  • For Active grants, the allowed actions are:
    • resource.owner.revoked
    • resource.owner.cancelled
    • app.admin.cancelled
    • provider.admin.cancelled
  • For Revoked grants, the allowed actions are:
    • resource.owner.reinstated
    • resource.owner.cancelled
    • app.admin.cancelled
    • provider.admin.cancelled

Some of the actions above are restricted by role:

  • Available to the resource owner only:
    • resource.owner.revoked
    • resource.owner.reinstated
    • resource.owner.cancelled
  • Available to app administrators only:
    • app.admin.cancelled
  • Available to provider administrators only:
    • provider.admin.cancelled
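As an added example (not code from the platform's documentation), a small Python helper that encodes the default-workflow action table above and refuses to build a request for an action that the caller's role or the grant's current state does not allow. The role names, the `provider.example` host and the `{"ActionRequest": {"ACTION": ...}}` body shape are assumptions: the page names the ActionRequest type and the ACTION field but does not show the request body.

```python
import json
from urllib import request

# Default-workflow action table from this page: actions allowed per grant state.
# The prefix says who may invoke it: resource.owner.* only the resource owner,
# app.admin.* only an app administrator, provider.admin.* only a provider admin.
ALLOWED_BY_STATE = {
    "Active": {"resource.owner.revoked", "resource.owner.cancelled",
               "app.admin.cancelled", "provider.admin.cancelled"},
    "Revoked": {"resource.owner.reinstated", "resource.owner.cancelled",
                "app.admin.cancelled", "provider.admin.cancelled"},
}
# Role names are a convention of this example, not values from the platform.
ROLE_PREFIX = {"resource_owner": "resource.owner.",
               "app_admin": "app.admin.",
               "provider_admin": "provider.admin."}

def allowed_actions(grant_status, role):
    """Actions the default workflow lets `role` take on a grant in `grant_status`."""
    prefix = ROLE_PREFIX[role]
    return sorted(a for a in ALLOWED_BY_STATE.get(grant_status, ()) if a.startswith(prefix))

def build_action_request(provider_url, grant_id, provider_name, cookie_value, action):
    """Build the POST /oauth/admin/grants/{GrantID}/actions request documented on this page."""
    # Body shape {"ActionRequest": {"ACTION": ...}} is an assumption: the page names
    # the ActionRequest type and the ACTION field but does not show the JSON.
    body = json.dumps({"ActionRequest": {"ACTION": action}}).encode()
    url = f"http://{provider_url}/oauth/admin/grants/{grant_id}/actions"
    req = request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    # The OAuthToken_{OAuthProviderName} cookie identifies the logged-in user.
    req.add_header("Cookie", f"OAuthToken_{provider_name}={cookie_value}")
    return req

def guarded_action(grant_status, role, action, provider_url, grant_id,
                   provider_name, cookie_value):
    """Reject client-side what the workflow would reject, before anything is sent."""
    if action not in allowed_actions(grant_status, role):
        raise PermissionError(f"{role} may not perform {action} on a {grant_status} grant")
    return build_action_request(provider_url, grant_id, provider_name, cookie_value, action)

if __name__ == "__main__":
    # Constructed values; the grant ID is the one in the page's sample request.
    req = guarded_action("Active", "resource_owner", "resource.owner.revoked",
                         "provider.example", "ah27khdbb4kk", "MyProvider", "<cookie>")
    print(req.get_method(), req.full_url, req.data.decode())
```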

Response

If successful, this operation returns HTTP status code 200. The Grant object is returned as JSON with the updated details.


Sample Response

The sample response below shows successful completion of this operation.

Sample response headers

HTTP/1.1 200 OK
Content-Type: application/json
Expires: Wed, 26 Aug 2015 14:08:05 GMT

Sample response body

{
  "GrantID" : "ah27khdbb4kk",
  "GrantProvider" : "OAuthAutomationacmepaymentscorp",
  "GrantType" : "authorization_code",
  "OpenIdConnectGrant" : false,
  "GrantStatus" : "Rejected",
  "GrantExpirationDateTime" : 1441912084000,
  "GrantExpirationDateTimeInMillis" : 1441912084000,
  "GrantClient" : {
    "ClientID" : "acmepaymentscorp-4dAwP8UNqkU9pq4eDi6Sd68V"
  },
  "GrantClientRedirectUri" : "",
  "ResourceOwnerUserInfo" : {
    "DomainName" : "Ldapacmepaymentscorp",
    "UID" : "eng99"
  },
  "GrantResourceScope" : {
    "Resource" : [ {
      "Name" : "Scope1"
    } ]
  },
  "GrantIssuedDateTime" : 1440616084000,
  "GrantIssuedDateTimeInMillis" : 1440616084000,
  "GrantUpdatedDateTime" : 1440616085000,
  "GrantUpdatedDateTimeInMillis" : 1440616085000,
  "ResponseType" : "code"
}


Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header | Description
Content-Type | application/json


Response Body

Name | Type | Description
Grant | Grant | Contains information about an OAuth grant.


Error Codes/Messages

If the call is unsuccessful, an error code and message are returned. One or more examples of possible errors for this operation are shown below.

Item | Value
401 | Unauthorized. For example, you would get this response if you didn't include the OAuthToken_{OAuthProviderName} cookie, or if you included an invalid cookie.
500 | An error occurred processing the call.

More information about Enterprise API Platform API error messages.


Related Topics