Skip to main content
POST
/
api
/
{serviceId}
/
client
/
registration
/
delete
Typescript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.dynamicClientRegistration.delete({
    serviceId: "<id>",
    requestBody: {
      token: "qs4Tu5TV7qqDYT93bFs6ISyhTByMF9o-54GY4JU5vTA",
      clientId: "26837717140341",
    },
  });

  console.log(result);
}

run();
{
  "resultCode": "A216001",
  "resultMessage": "[A216001] The client has been deleted.",
  "action": "DELETED"
}
This API is supposed to be called from the within the implementation of the client registration management endpoint of the authorization server. The authorization server implementation should retrieve the value of action from the response and take the following steps according to the value.

INTERNAL_SERVER_ERROR

When the value of action is INTERNAL_SERVER_ERROR, it means that the API call from the authorization server implementation was wrong or that an error occurred in Authlete. In either case, from a viewpoint of the client or developer, it is an error on the server side. Therefore, the authorization server implementation should generate a response with “500 Internal Server Error”s and application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.
The following illustrates the response which the authorization server implementation should generate and return to the client or developer.
HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
&#123;responseContent&#125;
The endpoint implementation may return another different response to the client or developer since “500 Internal Server Error” is not required by the specification.

BAD_REQUEST

When the value of action is BAD_REQUEST, it means that the request from the client or developer was wrong. The authorization server implementation should generate a response with “400 Bad Request” and application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.
The following illustrates the response which the authorization server implementation should generate and return to the client or developer.
HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
&#123;responseContent&#125;

UNAUTHORIZED

When the value of action is UNAUTHORIZED, it means that the registration access token used by the client configuration request (RFC 7592) is invalid, or the client application which the token is tied to does not exist any longer or is invalid. The HTTP status of the response returned to the client application must be “401 Unauthorized” and the content type must be application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.
The following illustrates the response which the endpoint implementation should generate and return to the client application.
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
&#123;responseContent&#125;
NOTE: The UNAUTHORIZED value was added in October, 2021. See the description of Service.unauthorizedOnClientConfigSupported for details.

DELETED

When the value of action is DELETED, it means that the request from the client or developer is valid. The authorization server implementation should generate a response to the client or developer with “204 No Content”.
The following illustrates the response which the authorization server implementation should generate and return to the client or developer.
HTTP/1.1 204 No Content
Cache-Control: no-store
Pragma: no-cache

Authorizations

Authorization
string
header
required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId
string
required

A service ID.

Body

application/json
token
string
required

The client registration access token. Used only for GET, UPDATE, and DELETE requests.

clientId
string
required

The client's identifier. Used for GET, UPDATE, and DELETE requests

json
string

Client metadata in JSON format that complies with RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

Response

resultCode
string

The code which represents the result of the API call.

resultMessage
string

A short message which explains the result of the API call.

action
enum<string>

The next action that the authorization server implementation should take.

Available options:
BAD_REQUEST,
CREATED,
DELETED,
INTERNAL_SERVER_ERROR,
OK,
UNAUTHORIZED,
UPDATED
responseContent
string

The content that the authorization server implementation is to return to the client application. Its format varies depending on the value of action parameter.

client
object
Example:
{
  "number": 1140735077,
  "serviceNumber": 715948317,
  "clientName": "My Test Client",
  "clientId": "1140735077",
  "clientSecret": "gXz97ISgLs4HuXwOZWch8GEmgL4YMvUJwu3er_kDVVGcA0UOhA9avLPbEmoeZdagi9yC_-tEiT2BdRyH9dbrQQ",
  "clientType": "PUBLIC",
  "redirectUris": ["https://example.com/callback"],
  "responseTypes": ["CODE"],
  "grantTypes": ["AUTHORIZATION_CODE"]
}