Purge-events API returns 403 Forbidden even with ADMIN role and devmode enabled (v2025.1.4)

Hi,

I’m trying to use the /v1/public/purge-events endpoint in dev mode but I keep getting a 403 Forbidden error, even though:

  • axoniq.axonserver.devmode.enabled=true is set and confirmed via /v1/public/me ("developmentMode": true)
  • axoniq.axonserver.accesscontrol.enabled=true
  • User has ADMIN@* role (confirmed via /v1/public/user: "roles":["ADMIN@_admin","ADMIN@default"],"adminUser":true)

Environment:

  • Axon Server SE 2025.1.4 (Docker image axoniq/axonserver:2025.1.4)
  • Running on Kubernetes

What I tried:

# With Basic Auth (admin user with ADMIN role)
curl -X DELETE "http://localhost:8024/v1/public/purge-events?context=default" -u "admin:password"
# Returns: {"status":403,"error":"Forbidden"}

# With system token from /axonserver/security/.token
curl -X DELETE "http://localhost:8024/v1/public/purge-events?context=default" -H "AxonIQ-Access-Token: $SYS_TOKEN"
# Returns: {"status":403,"error":"Forbidden"}

# CLI also fails
java -jar axonserver-cli.jar purge-events -c default -t $SYS_TOKEN
# Returns: HTTP/1.1 403

The endpoint appears in the OpenAPI docs under the dev-mode-rest-controller tag, so it should be available.

Is there something else required to enable purge-events in SE? Or is this a bug in 2025.1.4?

Thanks!

Hey Vincent,

Thanks for reporting this issue. It for sure looks like a bug in Axon Server. I’ll check with the team and get back to you as soon as we find what went wrong.

Thanks for your patience.

Cheers,
Milan

Hi, any news on this ? I still got the error on the latest version (2025.2.6)

Regards,

Vincent.