Delete user aggregate
Admin-only endpoint for deleting a user aggregate. Supports two modes: DELETE_DO_ONLY removes the Durable Object instance while preserving R2 events (the state will be restored on next access), and DELETE_DO_AND_EVENTS archives all events to a timestamped folder then permanently removes the DO instance and D1 entries. Requires dual authentication: X-Admin-API-Key header and a JWT with @smartphonekey.com email domain.
curl -X DELETE "https://api.spkey.co/admin/cleanup/users/example_string?mode=DELETE_DO_ONLY" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN (JWT)" \
-H "X-API-Key: YOUR_API_KEY"
import requests
import json
url = "https://api.spkey.co/admin/cleanup/users/example_string?mode=DELETE_DO_ONLY"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
}
response = requests.delete(url, headers=headers)
print(response.json())
const response = await fetch("https://api.spkey.co/admin/cleanup/users/example_string?mode=DELETE_DO_ONLY", {
method: "DELETE",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
}
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
)
func main() {
req, err := http.NewRequest("DELETE", "https://api.spkey.co/admin/cleanup/users/example_string?mode=DELETE_DO_ONLY", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (JWT)")
req.Header.Set("X-API-Key", "YOUR_API_KEY")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api.spkey.co/admin/cleanup/users/example_string?mode=DELETE_DO_ONLY')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Delete.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (JWT)'
request['X-API-Key'] = 'YOUR_API_KEY'
response = http.request(request)
puts response.body
{
"success": true,
"userId": "example_string",
"mode": "example_string",
"operations": [
"null"
],
"deletionSummary": "example_string",
"auditLogPath": "example_string",
"duration": 3.14,
"errors": [
"example_string"
]
}
{
"error": "Bad Request",
"message": "The request contains invalid parameters or malformed data",
"code": 400,
"details": [
{
"field": "email",
"message": "Invalid email format"
}
]
}
{
"error": "Unauthorized",
"message": "Authentication required. Please provide a valid API token",
"code": 401
}
{
"error": "Internal Server Error",
"message": "An unexpected error occurred on the server",
"code": 500,
"requestId": "req_1234567890"
}
/admin/cleanup/users/{userId}Target server for requests. Edit to use your own host.
JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API key for B2B organization access. Provided during organization onboarding.
User ID to delete
Deletion mode: DELETE_DO_ONLY preserves R2 events, DELETE_DO_AND_EVENTS archives and removes everything
Request Preview
Response
Response will appear here after sending the request
Authentication
Bearer token (JWT). JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API Key for authentication. API key for B2B organization access. Provided during organization onboarding.
Path Parameters
User ID to delete
Query Parameters
Deletion mode: DELETE_DO_ONLY preserves R2 events, DELETE_DO_AND_EVENTS archives and removes everything
DELETE_DO_ONLYDELETE_DO_AND_EVENTS