DELETE - registrationDelete


Delete the actual registration for a given client_id


[From RFC7592] To deprovision itself on the authorization server, the client makes an HTTP DELETE request to the client configuration endpoint. This request is authenticated by the registration access token issued to the client.


  • manageRegistration


clientId (required)
REQUIRED. OAuth 2.0 client identifier string. It SHOULD NOT be currently valid for any other registered client, though an authorization server MAY issue the same client identifier to multiple instances of a registered client at its discretion.
Signature (required)
http-signature of the request (cf. https://datatracker.ietf.org/doc/draft-cavage-http-signatures/) The keyId must specify the way to get the relevant qualified certificate. It is requested that this identifier is - either an URL aiming to provide the relevant Qualified Certificate. - or the kid parameter retrieved through the certificate registration during a previous OAUTH2 Technical Setup
X-Request-ID (required)
Correlation header to be set in a request and retrieved in the relevant response

Return codes

204 No content. Deletion of the relevant registration
400 Invalid status value
401 Unauthorized, authentication failure.
403 Forbidden, authentication successful but access to resource is not allowed.
405 Method Not Allowed.
406 Not Acceptable.
408 Request Timeout.
429 Too many requests.
500 Internal server error.
501 Not Implemented. This code should be used when the entry point is implemented but cannot provide a result, given the context. When the entry point is not implemented at all, HTTP400 will be returned.
503 Service unavailable.

Available authentification

OAuth 2.0