Delete Account

curl --request POST \
  --url https://api.example.com/api/v1/auth/account/delete \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "password": "<string>"
}
'

{
  "detail": [
    {
      "loc": [
        "<string>"
      ],
      "msg": "<string>",
      "type": "<string>",
      "ctx": {},
      "input": "<unknown>"
    }
  ]
}

auth

Delete Account

Schedule account deletion with a 30-day GDPR grace period.

Instead of immediately hard-deleting, this sets deletion_scheduled_at = now()+30 days, revokes all active sessions (forces re-authentication), and returns 202. A Celery Beat task runs daily and performs the actual hard-delete once the grace period expires. Users can cancel by re-authenticating and calling POST /auth/account/cancel-deletion.

Cascade behaviour (applied at hard-delete time):

Workspaces where user is the sole member are deleted entirely (including Stripe customer).
Workspaces where user is the sole owner but has other members → 409 (transfer first).
Workspaces where there are other owners → user’s membership removed; workspace survives.

POST

api

auth

account

delete

Delete Account

curl --request POST \
  --url https://api.example.com/api/v1/auth/account/delete \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "password": "<string>"
}
'

{
  "detail": [
    {
      "loc": [
        "<string>"
      ],
      "msg": "<string>",
      "type": "<string>",
      "ctx": {},
      "input": "<unknown>"
    }
  ]
}

Authorizations

X-API-Key

string

header

required

Headers

X-Workspace-Id

string | null

Cookies

riftmap_access

string | null

Body

application/json

password

string | null

Response

Successful Response

Cancel Account Deletion Verify Email