DELETE /v1/orgs/:org_id/members/:user_id
Remove a member from an organization. Revokes every active session for the removed user.
::: tip Auth
Required: cookie or Bearer. Required permission: members.remove.
:::
Request
DELETE /v1/orgs/:org_id/members/:user_id
Response
204 No Content
Error responses
| Status | Code | When |
|---|---|---|
| 401 | authentication_required | No valid auth credential. |
| 403 | forbidden | Org mismatch or missing members.remove permission. |
| 404 | not_found | No such membership. |
| 409 | conflict | Attempted to remove the last owner of the org. |
Notes
- The user's record in
usersis NOT deleted — only their membership row is removed. To fully delete a user account, the host application must implement that flow separately (it requires explicit data-handling decisions: anonymize, hard-delete, soft-delete, etc.). - All of the removed user's active sessions are revoked. Session-cache entries are invalidated.
- An audit entry (
members.removed) is recorded.