Sudo Required

This action requires a fresh re-authentication grant.

Status: 403 Type: https://brivo.ltd/docs/identity/api/errors/sudo-required

Some sensitive actions require the user to confirm their identity immediately before proceeding, even if they already have a valid session. This is called a sudo grant.

When this error is returned, the session is valid and the user has permission for the action, but the action requires a recent proof of identity before it will be allowed.

Flow

  1. The original request returns 403 sudo-required with the action name in detail.
  2. Call POST /auth/session/sudo (password) or POST /auth/session/sudo/passkey with the required action.
  3. On success, a grantId is returned.
  4. Retry the original request with the header X-Sudo-Grant: <grantId>.

Example

{
  "type": "https://brivo.ltd/docs/identity/api/errors/sudo-required",
  "title": "Forbidden",
  "status": 403,
  "detail": "Re-authentication required to perform \"delete-account\". Call POST /auth/session/sudo first."
}

Actions that require sudo

Any destructive or sensitive operation may require a sudo grant. The detail field always names the specific action string to pass to the sudo endpoint.

On this page