Suspend the user flagged by a Praxis Shield incident

curl --request POST \
  --url https://pria.praxislxp.com/api/admin/security/threats/{incidentId}/suspend-user \
  --header 'x-access-token: <api-key>'

{
  "success": true,
  "suspendedMemberships": 123,
  "userDeactivated": true,
  "tokensRevoked": true
}

Admin

Suspend the user flagged by a Praxis Shield incident

Remediation action. A super-admin performs a GLOBAL suspend (user.status=‘inactive’ + all memberships inactive + token revocation). A Digital Twin admin performs a SCOPED suspend (only the memberships tying the user to the incident institutions they administer are set inactive; the account stays active elsewhere; no token revocation). Mounted under the admin gate (isAdmin) and scoped per-institution via the institutions.edit entitlement (super bypasses). Cannot suspend a super-admin or yourself.

POST

api

admin

security

threats

{incidentId}

suspend-user

Suspend the user flagged by a Praxis Shield incident

curl --request POST \
  --url https://pria.praxislxp.com/api/admin/security/threats/{incidentId}/suspend-user \
  --header 'x-access-token: <api-key>'

{
  "success": true,
  "suspendedMemberships": 123,
  "userDeactivated": true,
  "tokensRevoked": true
}

Authorizations

x-access-token

string

header

required

JWT token passed in x-access-token header

Path Parameters

incidentId

string

required

Incident id (drives the target user and the institution scope)

Response

Suspend applied

success

boolean

scope

enum<string>

Available options:

global,

institution

suspendedMemberships

integer

userDeactivated

boolean

tokensRevoked

boolean

List Praxis Shield threat incidents for the caller's managed institutions