How do I revoke API or MCP access?

Security · Updated Jun 22, 2026

Use Workspace API settings to revoke workspace tokens and OAuth connections. Revocation takes effect immediately.

Open Dashboard, Settings, Workspace, API. Revoke workspace tokens from the token list. Revoke OAuth MCP connections from the Connections section. See API authentication and the MCP overview for how those access paths differ.

Canopy checks token and grant status on each request, so revoked access stops immediately for REST and MCP traffic.

Related articles