REST endpoints
Remove LiveKit participant
Removes a participant from a LiveKit room, forcibly disconnecting them.
Access is authorized via metadata.auth_id check.
Note: This does not invalidate the participant’s token. To prevent rejoining, use short-lived tokens and avoid issuing new tokens to removed participants.
Arguments
state- Shared application state containing LiveKit configurationauth- Authentication context from middlewarerequest- Request with room name and participant identity
Returns
Response- JSON response with removal status or error
Authorization
- When
auth.idis present: Requiresroom.metadata.auth_id == auth.id - When
auth.idis absent: Access is allowed (backward-compatible mode)
Errors
- 400 Bad Request - Empty room name or participant identity
- 404 Not Found - Room/participant not found or access denied (masked)
- 500 Internal Server Error - LiveKit not configured or removal failed
Flow
- Validate request fields are not empty
- Check room access via metadata.auth_id
- Verify participant exists in the room
- Remove the participant
- Return success or appropriate error
DELETE
Handler for DELETE /livekit/participant endpoint
Removes a participant from a LiveKit room, forcibly disconnecting them. Access is authorized via
metadata.auth_id check.
Authorization
| Mode | Behavior |
|---|---|
Authenticated (auth.id present) | Requires room.metadata.auth_id == auth.id. |
Unauthenticated (auth.id absent) | Access is allowed (backward-compatible mode). |
Room names are used exactly as provided. No prefixing or modification is applied.
Request
Requiresroom_name and participant_identity in the request body.
Error responses
| Status | Condition |
|---|---|
400 Bad Request | Empty room name or participant identity. |
404 Not Found | Room/participant not found or access denied (masked for security). |
500 Internal Server Error | LiveKit not configured or removal failed. |
Authorizations
Authentication token for protected endpoints. Can be provided as Authorization: Bearer <token> or ?api_key=<token>. Required when AUTH_REQUIRED is enabled.
Body
application/json
Request body for removing a participant from a LiveKit room
Example
{
"room_name": "conversation-room-123",
"participant_identity": "user-alice-456"
}Response
Participant removed successfully
Response for a successful participant removal
Example
{
"status": "removed",
"room_name": "conversation-room-123",
"participant_identity": "user-alice-456"
}Previous
Mute LiveKit participantMutes or unmutes a participant's published track.
Access is authorized via `metadata.auth_id` check.
# Arguments
* `state` - Shared application state containing LiveKit configuration
* `auth` - Authentication context from middleware
* `request` - Request with room name, participant identity, track_sid, and muted state
# Returns
* `Response` - JSON response with mute status or error
# Authorization
- When `auth.id` is present: Requires `room.metadata.auth_id == auth.id`
- When `auth.id` is absent: Access is allowed (backward-compatible mode)
# Errors
* 400 Bad Request - Empty fields in request
* 404 Not Found - Room/participant not found or access denied (masked)
* 500 Internal Server Error - LiveKit not configured or mute operation failed
Next
Handler for DELETE /livekit/participant endpoint