Delete a delegated permission grant (oAuth2PermissionGrant)

Namespace: microsoft.graph

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Delete an oAuth2PermissionGrant.

When a delegated permission grant is deleted, the access it granted is revoked. Existing access tokens will continue to be valid for their lifetime, but new access tokens will not be granted for the delegated permissions identified in the deleted oAuth2PermissionGrant.


There may be two delegated permission grants authorizing an application to act on behalf of a user when calling an API. This can happen when a user consents for the application on their own behalf (creating an oAuth2PermissionGrant with consentType Principal, identifying the user) and then an administrator grants tenant-wide admin consent on behalf of all users (creating a second oAuth2PermissionGrant with consentType of AllPrincipals).


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Directory.ReadWrite.All

HTTP request

DELETE /oauth2PermissionGrants/{id}

Request headers

Name Type Description
Authorization string Bearer {token}. Required.

Request body

Do not supply a request body for this method.


If successful, this method returns 204 No Content response code. It does not return anything in the response body.



Here is an example of the request.



Here is an example of the response.

HTTP/1.1 204 No Content