Skip to main content
Revocation is a reshare that removes the delegated server share. After revocation, the developer can no longer act on the user’s behalf. Revocation process:
  1. User (or your app) initiates revocation
  2. Dynamic performs a reshare ceremony
  3. Developer’s external share becomes invalid
  4. All delegated operations are immediately blocked

Revoke delegation

Use revokeWaasDelegation to revoke access for a wallet account. 
import { getWalletAccounts } from '@dynamic-labs-sdk/client';
import { revokeWaasDelegation } from '@dynamic-labs-sdk/client/waas';

const walletAccounts = getWalletAccounts();
const walletAccount = walletAccounts[0];

await revokeWaasDelegation({ walletAccount });

With password encryption

If the wallet uses password encryption, provide the same password that was used when delegating. 
import { getWalletAccounts } from '@dynamic-labs-sdk/client';
import { revokeWaasDelegation } from '@dynamic-labs-sdk/client/waas';

const walletAccounts = getWalletAccounts();
const walletAccount = walletAccounts[0];

await revokeWaasDelegation({ walletAccount, password: 'user-password' });

Parameters

ParameterTypeRequiredDescription
walletAccountWalletAccountYesThe WaaS wallet account to revoke delegation for
passwordstringNoPassword used when delegating, if wallet is password-protected

Webhook payload (wallet.delegation.revoked)

Your server receives this webhook after revocation completes: 
{
  "eventName": "wallet.delegation.revoked",
  "eventId": "3f0a1b1c-0000-4000-8000-aaaaaaaaaaaa",
  "timestamp": "2025-10-01T16:00:00.000Z",
  "userId": "7eb7843b-2a4d-4f69-b95e-d219f0662fda",
  "data": {
    "walletId": "25193936-3ecd-4c1b-84e6-9eabc82e53c2",
    "chain": "EVM"
  }
}

Cleanup checklist (server)

  • Invalidate cached delegated materials for the walletId.
  • Stop any delegated jobs/agents for the wallet.
  • Remove or rotate stored delegated share and per‑wallet API key.
  • Treat duplicate events as idempotent using eventId.