Reference / Users

GDPR right-to-erasure. Irreversibly anonymizes the user's PII and cascades to credentials, factors, refresh tokens, sessions, devices, memberships, and ReBAC tuples, leaving a tombstone. Emits `user.erased` (audited). Requires `users:delete`.

POST /v1/users/{id}/erase
Secret API key operationId: erase

Authorization

Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.

Path parameters

  • id string<uuid> required

    User id

Responses

200 Erased
{
  "data": {
    "deleted": false
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
404 Unknown user

Request

curl -X POST "http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/erase" \

Try it

live request
POST http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/erase

Path parameters