Link Search Menu Expand Document

Deleting user accounts


  • Call name: delete-user
  • Endpoint URL:
  • Request methods: DELETE
  • Response Content-Type: application/json
  • Auth required: yes

Delete a user for legal purposes. This API endpoint obfuscates all personally-idenfiable user details such as first name, last name, email address, gender, date of birth and address details.

Version-Specific Information

The following version-specific changes apply to this endpoint. See the versioning page for more details.

Version Change details
>= 1.5.2 Added authentication_point_identifier as parameter (backwards compatible to release 1.0.0)

Permissions and Authentication

This API call requires a valid Spaaza session. The session can be one of the following:

Parameter Description
User Authentication A session generated by an end-user login
Admin Authentication A session generated by administrative user login. The performing admin user needs to be logged in and have delete access to the entity (business or chain) to which the user is connected.
Privileged Authentication An OAuth-based mechanism for trusted third-parties,the use of privileged authentication is permitted for this endpoint .

Please see the authentication section for more details.

Note that if admin authentication is used and the admin user does not have sufficient permissions to delete the user, an error will be generated.

HTTP Parameters

The following HTTP parameters can be passed to the API:

Parameter Description
chain_id (mandatory in the case of admin authentication) the id of the chain with which the user to be deleted is associated.
user_id or username or authentication_point_identifier or member_number (mandatory in the case of admin or privileged authentication, do not pass in the case of user authentication) the Spaaza user ID, username (email address) or member_number (user code) of the user to be deleted. One of these parameters must be supplied in the case of admin or privileged authentication. These parameters must not be passed in the case of user authentication.


The following headers can/must be passed to the API call:

Parameter Description
X-Spaaza-MyPrice-App-Hostname (mandatory in the case of user or privileged authentication if user_id parameter not sent) The hostname of the app for which the user is requesting the card. Required in the case of user authentication. Required in the case of privileged authentication when the user is identified by either the username or member_number parameter. Not required in the case of admin authentication.


This API call requires delete permissions when using admin authentication.


Returns an OK code and echoes the obfuscated user details. A sample is shown below:

  "result": {
      "code": 1,
      "status": "ok"
  "results": {
      "user_info": {
          "id": 3354896,
          "user_id": 3354896,
          "first_name": "Deleted",
          "last_name": "Deleted",
          "country_code": "IT",
          "username": "",
          "authentication_point_identifier": "23t24ty3464373",
          "auxiliary_identifier": null,
          "mailing_list": {
              "mailing_list_sub_offered": false,
              "mailing_list_subscribed": false,
              "printed_mailing_list_subscribed": false
          "entity_code": {
              "type": "custom",
              "code": "133791"
          "opt_in_programme": {
              "programme_opted_in": false,
              "join_date": null
          "registered": false,
          "address_streetname": null,
          "address_housenumber": null,
          "address_housenumber_extension": null,
          "address_line_2": null,
          "address_line_3": null,
          "address_towncity": null,
          "address_regionstate": null,
          "address_postalcode": null
      "result_type": "delete-user"