Skip to main content
POST
/
v3
/
users
/
delete
curl
curl -X POST 'https://verification.didit.me/v3/users/delete/' \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{"vendor_data_list": ["user-123", "user-456"]}'
{ "deleted": 2 }

Overview

Deletes one or more User entities. Session history, transactions, and audit logs are retained for your application’s data retention period before hard deletion.

When to use it

  • Right-to-be-forgotten requests (GDPR / CCPA).
  • Clean-up of test users during QA.
  • Deprovisioning users removed from your own platform.

Notes

  • Accepts a list of vendor_data values or didit_internal_id values.
  • Idempotent — deleting an already-deleted user is a no-op and returns success for that row.
  • Returns per-row results so you can detect unknown IDs or rows that could not be deleted.
  • Emits a user.data.updated webhook with deleted_at set.
  • Faces, documents, and sessions linked to the user are deleted alongside and removed from the face-search index.

Permissions

Role must grant delete:users. This is typically reserved for OWNER and ADMIN.

Authorizations

x-api-key
string
header
required

Body

application/json

Provide exactly one of vendor_data_list, didit_internal_id_list, or delete_all: true.

vendor_data_list
string[]

Your own identifiers to delete. Matching is case-insensitive after normalisation.

didit_internal_id_list
string<uuid>[]

Didit's internal UUIDs (didit_internal_id) to delete.

delete_all
boolean
default:false

If true, deletes every user in the application. Cannot be combined with the list selectors.

Response

Users deleted. Returns the number of rows actually removed.

deleted
integer

Number of users deleted (excludes vendor_data values that didn't match anything).