> ## Documentation Index
> Fetch the complete documentation index at: https://ownpay.org/docs/llms.txt
> Use this file to discover all available pages before exploring further.

> ## Agent Instructions
> OwnPay is licensed under AGPL-3.0 and is completely free - no licensing fees.
> Production docs URL: https://ownpay.org/docs - append .md to any page URL for clean markdown.
> OwnPay requires PHP 8.3+, MySQL/MariaDB, and Redis.
> MCP server available at https://ownpay.org/docs/mcp for programmatic documentation queries.
> Use root-relative links (e.g. /quickstart) for internal navigation - do NOT include /docs prefix.
> Plugin development: consult /developer/plugin-types/ pages for correct interfaces and manifests.

# Bulk Revoke Devices

> Revokes multiple paired devices under the brand context at once.




## OpenAPI

````yaml /api/mobile_api.yaml post /api/mobile/v1/devices/bulk-revocations
openapi: 3.1.0
info:
  title: OwnPay Mobile Companion App API
  description: >
    The OwnPay Mobile API is exposed exclusively to the paired mobile companion
    application.

    It contains endpoints to complete initial device pairing, submit heartbeats
    to report online statuses, refresh authentication tokens, upload received
    SMS messages (supporting batch processing up to 200 items), fetch pending
    outbound SMS queues, acknowledge push notifications, and retrieve dashboard
    statistics.


    ### Security and Cryptography

    - Except for `/api/mobile/v1/devices` (bootstrap pairing) and
    `/api/mobile/v1/devices/token-refreshes` (token refresh), all endpoints
    require authentication using a JSON Web Token (JWT) in the HTTP
    `Authorization` header.
      ```http
      Authorization: Bearer <jwt_access_token>
      ```
    - Device fingerprints are checked during token refreshes.

    - Endpoints are brand-scoped; data visibility is restricted to the specific
    brand/merchant.
  version: 1.0.0
servers:
  - url: https://{brand_domain}
    description: Master brand domain hosting OwnPay gateway.
    variables:
      brand_domain:
        default: ownpay.org
        description: The domain of the specific white-labeled gateway.
security:
  - JWTAuth: []
paths:
  /api/mobile/v1/devices/bulk-revocations:
    post:
      summary: Bulk Revoke Devices
      description: |
        Revokes multiple paired devices under the brand context at once.
      operationId: bulkRevokeDevices
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - device_ids
              properties:
                device_ids:
                  type: array
                  description: Array of device UUID strings to revoke.
                  items:
                    type: string
                  example:
                    - a810b445-564a-4e20-80a5-f1261d7b328a
                    - b901c556-675b-5f31-91b6-02372e8c439b
      responses:
        '200':
          description: Bulk revocation outcome details.
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: true
                  data:
                    type: object
                    properties:
                      revoked:
                        type: integer
                        description: Count of devices successfully revoked.
                        example: 2
        '422':
          description: Validation error. device_ids must be a non-empty array.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiSingleErrorResponse'
components:
  schemas:
    ApiSingleErrorResponse:
      type: object
      properties:
        success:
          type: boolean
          example: false
        error:
          type: string
          example: Invalid pairing code
        errors:
          type: array
          items:
            type: object
            properties:
              code:
                type: string
                example: INVALID_PAIRING_CODE
              message:
                type: string
                example: Invalid pairing code
              field:
                type: string
                nullable: true
                example: null
        request_id:
          type: string
          example: 8f5a2e9b0c7d4e5f
  securitySchemes:
    JWTAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Enter your Short-lived access JWT token.

````

## Related topics

- [Revoke Paired Device](/docs/api-reference/revoke-paired-device.md)
- [Features and Capabilities](/docs/resources/features.md)
- [Paired Devices - Connect and Manage Android Phones](/docs/user-guide/mobile-sms/devices.md)
- [Revoke API Key](/docs/api-reference/revoke-api-key.md)
- [Security and Compliance - PCI, Encryption, and RBAC](/docs/advanced-topics/security-compliance.md)
