OAuth2 member removal

About member removal

Projects on Open Humans can remove project members from their project. Removals are performed based on project member ID. Removal is an irreversible action that deauthorizes the member, removing any continued access to data shared by the member and/or added to their account by the project.

Removals will not remove data deposited by the project. If a project wishes to remove data it added to a member account, it must do so before removing the member.

Removal does not prevent a member from re-joining a project.

Note: If you plan to message members to inform them of their removal, you must do so before removing them. You will be unable to message them after the removal, as they will no longer be members.

Removing via website form

  1. Go to your project management page.

  2. Go to the project detail page by clicking the project name.

  3. Click the "Remove project members" button for your project.

  4. Specify which members you're removing. Use a comma-separated list of project member IDs.

  5. Remove members. Click "Remove members" to remove the project member(s) you've specified.

Via API with a user-specific token

OAuth2 projects can use a POST to the member removal endpoint to remove a project member using the user-specific access token.

The URL for the member removal endpoint is:

https://www.openhumans.org/api/direct-sharing/project/remove-members/?access_token=<ACCESS_TOKEN>

Via API with a master access token

You can also use a master access token with POST to the member removal endpoint to remove a specified subset of project members.

The endpoint takes these parameters as a JSON object:

  • project_member_ids: An array of project member IDs to remove.

You must either specify true for all_members or specify an array of project_member_ids but not both.

The URL for the member removal endpoint is:

https://www.openhumans.org/api/direct-sharing/project/remove-members/?access_token=<MASTER_ACCESS_TOKEN>

About master access tokens

Each project has a "master access token" used for API calls. This token is a password for your project.

To find the token, go to your project management page and click on your project's name. The master access token should be listed in your project's details.

Keep this token PRIVATE.

  • Do NOT publicly share this token.
  • Do NOT share this token in an unsecured manner.
  • NEVER put this token into a git repository.

This token is used to authorize the following:

  • API access to any private data shared with your project
  • sending messages to project members via API
  • uploading data for project members via API

If you ever believe the security of this token may have been compromised, contact us at support@openhumans.org and we'll reset it to a new value.

When using this token in programs, we recommend you do NOT store it. You should enter the token each time you run your software.

If you want to have fully automated API transactions with Open Humans, you should use OAuth2 endpoints with user-specific access tokens.
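
The master-token removal call described above, with the token prompted for at each run instead of stored, as an added example that is not Open Humans' own code. The function names, the `Content-Type` header, sending IDs as strings and the confirmation prompt are assumptions; the URL and the `project_member_ids` / `all_members` parameters are the ones given on this page.

```python
import getpass
import json
import urllib.parse
import urllib.request

# Endpoint URL as given on this page; the token travels in the query string.
REMOVE_URL = "https://www.openhumans.org/api/direct-sharing/project/remove-members/"


def build_removal_request(token, project_member_ids=None, all_members=False):
    """Build (but do not send) the POST request for member removal."""
    # Assumption: IDs are sent as strings, as typed into the website form.
    ids = [str(i).strip() for i in (project_member_ids or [])]
    # The page requires all_members=true OR a list of IDs, never both.
    if all_members and ids:
        raise ValueError("specify all_members or project_member_ids, not both")
    if not all_members and not ids:
        raise ValueError("nothing to remove: give IDs or all_members=True")
    if any(not i for i in ids):
        raise ValueError("empty project member ID in list")
    if not token:
        raise ValueError("access token is required")
    body = {"all_members": True} if all_members else {"project_member_ids": ids}
    return urllib.request.Request(
        REMOVE_URL + "?access_token=" + urllib.parse.quote(token, safe=""),
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},  # assumption: JSON body
        method="POST",
    )


def redacted_url(request):
    """URL that is safe to log: the query string carrying the token is replaced."""
    return request.full_url.split("?", 1)[0] + "?access_token=<redacted>"


if __name__ == "__main__":
    # Prompt at run time so the token never lands in source, config or git.
    token = getpass.getpass("Master access token: ")
    raw = input("Project member IDs to remove (comma-separated): ")
    req = build_removal_request(token, [p for p in raw.split(",") if p.strip()])
    # Removal is irreversible, so ask for explicit confirmation before sending.
    if input(f"Remove {raw!r}? Type 'yes' to proceed: ") == "yes":
        print("POST", redacted_url(req))
        with urllib.request.urlopen(req, timeout=30) as resp:
            print("HTTP", resp.status)
```

Because the token is part of the URL, it can also end up in proxy and web-server access logs; log only the redacted form on your side.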