Skip to main content
POST
curl

Overview

Deletes one or more User entities. Session history, transactions, and audit logs are retained for your application’s data retention period before hard deletion.

When to use it

  • Right-to-be-forgotten requests (GDPR / CCPA).
  • Clean-up of test users during QA.
  • Deprovisioning users removed from your own platform.

Notes

  • Accepts a list of vendor_data values or didit_internal_id values.
  • Idempotent — deleting an already-deleted user is a no-op and returns success for that row.
  • Returns per-row results so you can detect unknown IDs or rows that could not be deleted.
  • Emits a user.data.updated webhook with deleted_at set.
  • Faces, documents, and sessions linked to the user are deleted alongside and removed from the face-search index.

Permissions

Role must grant delete:users. This is typically reserved for OWNER and ADMIN.

Authorizations

x-api-key
string
header
required

Body

application/json

Provide vendor_data_list or delete_all: true. When delete_all is true it takes precedence and vendor_data_list is ignored.

vendor_data_list
string[]

Your own identifiers to delete, matched exactly as sent.

delete_all
boolean
default:false

If true, deletes every user in the application.

Response

Users deleted. Returns the number of rows actually removed.

deleted
integer

Number of users deleted (excludes vendor_data values that didn't match anything).