Delete all aggregates (dev only)
Admin-only endpoint that performs a complete environment wipe. Deletes all events from R2, removes all aggregates from D1 (users, locks, temp_keys), and cleans up Durable Object instances. API keys are preserved so subsequent tests still work. ONLY permitted in the dev environment — returns 403 Forbidden on stage or production. Requires dual authentication: X-Admin-API-Key header and a JWT with @smartphonekey.com email domain.
curl -X POST "https://api.spkey.co/admin/cleanup/delete-all" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN (JWT)" \
-H "X-API-Key: YOUR_API_KEY"
import requests
import json
url = "https://api.spkey.co/admin/cleanup/delete-all"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
}
response = requests.post(url, headers=headers)
print(response.json())
const response = await fetch("https://api.spkey.co/admin/cleanup/delete-all", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
}
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
)
func main() {
req, err := http.NewRequest("POST", "https://api.spkey.co/admin/cleanup/delete-all", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (JWT)")
req.Header.Set("X-API-Key", "YOUR_API_KEY")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api.spkey.co/admin/cleanup/delete-all')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (JWT)'
request['X-API-Key'] = 'YOUR_API_KEY'
response = http.request(request)
puts response.body
{
"success": true,
"operations": [
"null"
],
"deletionSummary": "example_string",
"auditLogPath": "example_string",
"duration": 3.14,
"errors": [
"example_string"
]
}
{
"error": "Unauthorized",
"message": "Authentication required. Please provide a valid API token",
"code": 401
}
{
"error": "Forbidden",
"message": "You don't have permission to access this resource",
"code": 403
}
{
"error": "Internal Server Error",
"message": "An unexpected error occurred on the server",
"code": 500,
"requestId": "req_1234567890"
}
/admin/cleanup/delete-all
Target server for requests. Edit to use your own host.
JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API key for B2B organization access. Provided during organization onboarding.
Request Preview
Response
Response will appear here after sending the request
Authentication
Bearer token (JWT). JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API Key for authentication. API key for B2B organization access. Provided during organization onboarding.