
Lock/Unlock Members API Guide

Mindful Auth provides an API for admins to lock and unlock member accounts. Locking a member invalidates all of that member's sessions and prevents the member from authenticating until an admin unlocks the account.

# Lock a member: invalidates all sessions and blocks authentication
curl -X POST https://api.mindfulauth.com/auth/lock-account \
  -H "X-Tenant-Domain: portal.example.com" \
  -H "Authorization: Bearer <internal-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "recordId": "123456789",
    "action": "lock"
  }'

# Unlock a member: allows the member to authenticate again
curl -X POST https://api.mindfulauth.com/auth/lock-account \
  -H "X-Tenant-Domain: portal.example.com" \
  -H "Authorization: Bearer <internal-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "recordId": "123456789",
    "email": "user@example.com",
    "action": "unlock"
  }'

Authentication:

The API validates the Authorization header (Bearer token) against your internal API key. The X-Tenant-Domain header specifies which hostname’s credentials are used for that check.

Credential Matching Requirements:

  • You MUST use the correct X-Tenant-Domain for the recordId being targeted
  • The Authorization internal API key MUST match the specified X-Tenant-Domain’s key
  • For hostnames with SHARED app IDs (encryption key reuse):
    • portal1.com (app ID “123”) and portal2.com (app ID “123”) have IDENTICAL internal API keys
    • You can use either hostname with their shared key
  • For hostnames with DIFFERENT app IDs:
    • portal1.com (app ID “123”) and portal3.com (app ID “456”) have DIFFERENT internal API keys
    • You MUST use the matching X-Tenant-Domain and its corresponding internal API key
    • Using portal1.com’s key with X-Tenant-Domain: portal3.com will fail (403 Unauthorized)
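
The matching rules above can be enforced on the calling side before a request is sent. The following wrapper is an added example, not Mindful Auth code: it selects the key by tenant domain, validates the body fields, and hands the bearer key to curl through a config on stdin instead of the command line. Assumptions: the MA_KEY_APP_* variable names are hypothetical, the domain grouping is constructed from the portal1/portal2/portal3 illustration, and the body carries only recordId and action as in the lock request.

```shell
#!/bin/sh
# Added example, not Mindful Auth code. The domain-to-app-ID grouping is
# constructed from the page's portal1/portal2/portal3 illustration; the
# MA_KEY_APP_* variable names are hypothetical.

# Print the internal API key for a tenant domain. Domains that share an app
# ID share one key; an unlisted domain is refused rather than guessed.
key_for_domain() {
  case "$1" in
    portal1.com|portal2.com) printf '%s' "${MA_KEY_APP_123:-}" ;;  # app ID 123
    portal3.com)             printf '%s' "${MA_KEY_APP_456:-}" ;;  # app ID 456
    *) echo "unknown tenant domain: $1" >&2; return 1 ;;
  esac
}

# Build the JSON body: build_body <recordId> <lock|unlock>
build_body() {
  case "$2" in lock|unlock) ;; *) echo "bad action: $2" >&2; return 1 ;; esac
  # Assumption: record IDs are alphanumeric; adjust to your real ID format.
  case "$1" in ''|*[!A-Za-z0-9_-]*) echo "bad recordId" >&2; return 1 ;; esac
  printf '{"recordId":"%s","action":"%s"}' "$1" "$2"
}

# Print a curl config for: curl_config <tenant-domain> <recordId> <action>
# Feeding this to `curl -K -` keeps the bearer key out of the process list.
curl_config() (
  key=$(key_for_domain "$1") || exit 1
  [ -n "$key" ] || { echo "no key configured for $1" >&2; exit 1; }
  body=$(build_body "$2" "$3") || exit 1
  printf 'url = "https://api.mindfulauth.com/auth/lock-account"\n'
  printf 'request = "POST"\n'
  printf 'header = "X-Tenant-Domain: %s"\n' "$1"
  printf 'header = "Authorization: Bearer %s"\n' "$key"
  printf 'header = "Content-Type: application/json"\n'
  printf 'data = "%s"\n' "$(printf '%s' "$body" | sed 's/"/\\"/g')"
)

# Send the request and map the status: set_member_lock <domain> <id> <action>
set_member_lock() (
  cfg=$(curl_config "$@") || exit 1
  status=$(printf '%s\n' "$cfg" | curl -sS -o /dev/null -w '%{http_code}' -K -) || exit 1
  case "$status" in
    2??) exit 0 ;;
    403) echo "403: key does not match X-Tenant-Domain $1" >&2; exit 1 ;;
    *)   echo "unexpected HTTP $status" >&2; exit 1 ;;
  esac
)
```

Load the keys into the environment from a secret store rather than typing them into the shell, where they would land in history.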