Purge-events API returns 403 Forbidden even with ADMIN role and devmode enabled (v2025.1.4)

vcanuel_sb · November 25, 2025, 12:57pm

Hi,

I’m trying to use the /v1/public/purge-events endpoint in dev mode but I keep getting a 403 Forbidden error, even though:

axoniq.axonserver.devmode.enabled=true is set and confirmed via /v1/public/me ("developmentMode": true)
axoniq.axonserver.accesscontrol.enabled=true
User has ADMIN@* role (confirmed via /v1/public/user: "roles":["ADMIN@_admin","ADMIN@default"],"adminUser":true)

Environment:

Axon Server SE 2025.1.4 (Docker image axoniq/axonserver:2025.1.4)
Running on Kubernetes

What I tried:

# With Basic Auth (admin user with ADMIN role)
curl -X DELETE "http://localhost:8024/v1/public/purge-events?context=default" -u "admin:password"
# Returns: {"status":403,"error":"Forbidden"}

# With system token from /axonserver/security/.token
curl -X DELETE "http://localhost:8024/v1/public/purge-events?context=default" -H "AxonIQ-Access-Token: $SYS_TOKEN"
# Returns: {"status":403,"error":"Forbidden"}

# CLI also fails
java -jar axonserver-cli.jar purge-events -c default -t $SYS_TOKEN
# Returns: HTTP/1.1 403

The endpoint appears in the OpenAPI docs under the dev-mode-rest-controller tag, so it should be available.

Is there something else required to enable purge-events in SE? Or is this a bug in 2025.1.4?

Thanks!

Milan_Savic · November 27, 2025, 1:53pm

Hey Vincent,

Thanks for reporting this issue. It for sure looks like a bug in Axon Server. I’ll check with the team and get back to you as soon as we find what went wrong.

Thanks for your patience.

Cheers,
Milan