Skip to main content
DELETE
/
auth
/
credentials
/
{id}
cURL
curl --request DELETE \
  --url https://api.lightspark.com/grid/2025-10-13/auth/credentials/{id} \
  --header 'Authorization: Basic <encoded-value>'
{
  "payloadToSign": "Y2hhbGxlbmdlLXBheWxvYWQtdG8tc2lnbg==",
  "requestId": "Request:7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21",
  "expiresAt": "2026-04-08T15:35:00Z"
}

Documentation Index

Fetch the complete documentation index at: https://ramps-05-22-docs-annotate-cards-intro-snippet-triggers-mint.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

API token authentication using format <api token id>:<api client secret>

Headers

Grid-Wallet-Signature
string

Full API-key stamp built over the prior payloadToSign with the session API keypair of an existing verified authentication credential on the same internal account (other than the one being revoked). Required on the signed retry; ignored on the initial call.

Request-Id
string

The requestId returned in a prior 202 response, echoed back exactly on the signed retry so the server can correlate it with the issued challenge. Required on the signed retry; must be paired with Grid-Wallet-Signature.

Path Parameters

id
string
required

The id of the authentication credential to revoke (the id field of the AuthMethod returned from POST /auth/credentials).

Response

Challenge issued. The response contains payloadToSign plus a requestId. Build an API-key stamp over payloadToSign with the session API keypair of an existing verified credential on the same internal account (other than the one being revoked), then echo requestId on the retry.

202 response returned from Embedded Wallet Auth endpoints that require a signed retry — POST /auth/credentials (adding an additional credential), DELETE /auth/credentials/{id} (revoking a credential), and DELETE /auth/sessions/{id} (revoking a session). Carries the signing fields from SignedRequestChallenge plus the type of the authentication credential involved (being added, revoked, or that issued the session being revoked). The client already knows the target resource id from the request path / body it just sent, so nothing beyond type is echoed in the response.

payloadToSign
string
required

Canonical payload for the retry authorization stamp. Build an API-key stamp over this exact value with the session API keypair, then send the full base64url-encoded stamp in Grid-Wallet-Signature on the retry that completes the original request.

Example:

"Y2hhbGxlbmdlLXBheWxvYWQtdG8tc2lnbg=="

requestId
string
required

Grid-issued Request:<uuid> identifier for this pending request. Echo this value exactly in the Request-Id header on the signed retry so the server can correlate the retry with the issued challenge.

Example:

"Request:7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21"

expiresAt
string<date-time>
required

Timestamp after which this challenge is no longer valid. The signed retry must be submitted before this time.

Example:

"2026-04-08T15:35:00Z"

type
enum<string>
required

Credential type relevant to this challenge: the credential type being added (POST /auth/credentials) or revoked (DELETE /auth/credentials/{id}). For session revocation, this is the type of credential that issued the session (DELETE /auth/sessions/{id}).

Available options:
OAUTH,
EMAIL_OTP,
PASSKEY