diff --git a/access_user_tokens.go b/access_user_tokens.go
new file mode 100644
index 00000000000..81f73fa30f1
--- /dev/null
+++ b/access_user_tokens.go
@@ -0,0 +1,38 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+)
+
+type AccessUserEmail struct {
+ Email string `json:"email"`
+}
+
+// RevokeAccessUserTokens revokes any outstanding tokens issued for a specific user
+// Access User.
+//
+// API reference: https://api.cloudflare.com/#access-organizations-revoke-all-access-tokens-for-a-user
+func (api *API) RevokeAccessUserTokens(ctx context.Context, accountID string, accessUserEmail AccessUserEmail) error {
+ return api.revokeUserTokens(ctx, accountID, accessUserEmail, AccountRouteRoot)
+}
+
+// RevokeZoneLevelAccessUserTokens revokes any outstanding tokens issued for a specific user
+// Access User.
+//
+// API reference: https://api.cloudflare.com/#zone-level-access-organizations-revoke-all-access-tokens-for-a-user
+func (api *API) RevokeZoneLevelAccessUserTokens(ctx context.Context, zoneID string, accessUserEmail AccessUserEmail) error {
+ return api.revokeUserTokens(ctx, zoneID, accessUserEmail, ZoneRouteRoot)
+}
+
+func (api *API) revokeUserTokens(ctx context.Context, id string, accessUserEmail AccessUserEmail, routeRoot RouteRoot) error {
+ uri := fmt.Sprintf("/%s/%s/access/organizations/revoke_user", routeRoot, id)
+
+ _, err := api.makeRequestContext(ctx, http.MethodPost, uri, accessUserEmail)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/access_user_tokens_test.go b/access_user_tokens_test.go
new file mode 100644
index 00000000000..50720f2119e
--- /dev/null
+++ b/access_user_tokens_test.go
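Review bot: `revokeUserTokens` in access_user_tokens.go formats `id` straight into the request path and posts `accessUserEmail` without checking either, so an empty account or zone ID yields `/accounts//access/organizations/revoke_user` and an empty `Email` sends `{"email":""}`. For a call whose purpose is to cut off a user's sessions, I would fail fast before building the request: `if id == "" || accessUserEmail.Email == "" { return fmt.Errorf("access token revocation requires an account or zone ID and a user email") }`. The response body is also discarded; whether `makeRequestContext` already turns a `success: false` reply into an error is not visible in this hunk, so that is worth confirming before callers treat a nil return as proof of revocation. The exported `AccessUserEmail` type has no doc comment, and both method comments read "for a specific user Access User", which looks like a duplicated phrase.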
@@ -0,0 +1,55 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "github.com/stretchr/testify/assert"
+ "net/http"
+ "testing"
+)
+
+func TestRevokeUserTokens(t *testing.T) {
+ setup()
+ defer teardown()
+
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+ w.Header().Set("content-type", "application/json")
+ fmt.Fprintf(w, `{
+ "success": true,
+ "result": true
+ }
+ `)
+ }
+
+ mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations/revoke_user", handler)
+
+ AccessUserEmail := AccessUserEmail{Email: "test@example.com"}
+
+ err := client.RevokeAccessUserTokens(context.Background(), testAccountID, AccessUserEmail)
+
+ assert.NoError(t, err)
+}
+
+func TestZoneLevelRevokeUserTokens(t *testing.T) {
+ setup()
+ defer teardown()
+
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+ w.Header().Set("content-type", "application/json")
+ fmt.Fprintf(w, `{
+ "success": true,
+ "result": true
+ }
+ `)
+ }
+
+ mux.HandleFunc("/zones/"+testZoneID+"/access/organizations/revoke_user", handler)
+
+ AccessUserEmail := AccessUserEmail{Email: "test@example.com"}
+
+ err := client.RevokeZoneLevelAccessUserTokens(context.Background(), testZoneID, AccessUserEmail)
+
+ assert.NoError(t, err)
+}
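Review bot: The handlers in `TestRevokeUserTokens` and `TestZoneLevelRevokeUserTokens` assert only the HTTP method, so a regression that sends the wrong or an empty email in the request body would still pass. Decoding the body inside each handler would pin the payload: `var got AccessUserEmail`, `assert.NoError(t, json.NewDecoder(r.Body).Decode(&got))`, `assert.Equal(t, "test@example.com", got.Email)` (this needs `encoding/json` in the import block). Neither test covers an error response from the API, so the `err != nil` branch of the client is unexercised. The local `AccessUserEmail := AccessUserEmail{...}` shadows the type name; a name such as `userEmail` would read better.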