Delete User Personal Data
Anonymize a user's personal data while preserving the user record.
Authentication
This endpoint requires a bearer access token for the System API.
Endpoint
PUT /api/v1/users/{userId}/personal-data
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json
Request
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer token for a System API client |
Content-Type | Yes | Must be application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
userId | integer | Yes | User identifier. Must be greater than 0. |
Query Parameters
This endpoint does not accept query parameters.
Request Body
{
"triggerWebhook": false,
"notifyUserViaEmail": false
}
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
triggerWebhook | boolean | No | Accepted by the API for webhook workflow control. Default: false. |
notifyUserViaEmail | boolean | No | Accepted by the API for notification workflow control. Default: false. |
Response
204 No Content
The user personal data was anonymized successfully.
This endpoint does not return a response body on success.
Errors
| Status | When it happens |
|---|---|
400 Bad Request | The anonymization process cannot be completed |
401 Unauthorized | The bearer token is missing, invalid, or expired |
403 Forbidden | The token is valid but does not have access to this endpoint |
404 Not Found | No user exists with the provided userId |
400 Example
Failed to anonymize user data.
404 Example
User not found
Behavior
- Current access for the user is revoked
- Avatar storage is removed when an avatar exists
- External logins are removed
- User claims are removed
- The user record is anonymized:
firstNamebecomesDeletedlastNamebecomesUserstatusbecomesArchived- email and username are replaced with a unique
deleted.guardhouse.localaddress - password and two-factor data are cleared
- phone data is cleared
- suspension reason is cleared
triggerWebhookis accepted by the endpoint, but this endpoint does not currently expose a documented webhook resultnotifyUserViaEmailis accepted by the endpoint, but this endpoint does not currently expose a documented notification result
Example
cURL
curl -X PUT "https://your-tenant.guardhouse.cloud/api/v1/users/101/personal-data" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"triggerWebhook": false,
"notifyUserViaEmail": false
}'
.NET SDK
using Guardhouse.SDK.Models.Users.Privacy;
using Guardhouse.SDK.Services;
// Assumes AddGuardhouseClientWithApiClients(...) is already configured.
app.MapPut("/example/users/{userId:int}/personal-data", async (int userId, IGuardhouseUsersClient usersClient) =>
{
var deleted = await usersClient.DeleteUserPersonalDataAsync(userId, new DeleteUserPersonalDataRequest
{
TriggerWebhook = false,
NotifyUserViaEmail = false
});
return deleted ? Results.NoContent() : Results.NotFound();
});
Python SDK
# SDK support is in development.
# Use raw HTTP for now.
#
# Example shape:
# response = requests.put(
# "https://your-tenant.guardhouse.cloud/api/v1/users/101/personal-data",
# headers={
# "Authorization": "Bearer YOUR_ACCESS_TOKEN",
# "Content-Type": "application/json",
# },
# json={
# "triggerWebhook": False,
# "notifyUserViaEmail": False,
# },
# )
Notes
- This endpoint anonymizes the user instead of deleting the user record entirely.
- Use Get User By ID after this operation if you need to inspect the archived record.