Userpilot supports data deletion to comply with the right to be forgotten under GDPR. Under this right, a user can request to delete all their data. Userpilot supports this right for all users, not just those in Europe. You can use the Deletion APIs to schedule a job to delete user or company data.

Authorization

Userpilot API uses API tokens to authenticate requests. You can view your API key in the Environment Page. Authentication Method: Include your API key in the Authorization header: 
-H 'Authorization: Token {{API_KEY}}'
All API requests must be made over HTTPS.
Your API key carries many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas.

Version

You must send the API version in the headers: 
-H 'X-API-Version: 2020-09-22'

Endpoints

For most users, the HTTP API endpoint URL is https://analytex.userpilot.io as the examples show. If you are on Enterprise or EU hosting, refer to the Environment Page in the application to retrieve your dedicated endpoint.

1. Delete Users

Endpoint: 
DELETE https://analytex.userpilot.io/v1/users
Headers:
HeaderValueRequired
Content-Typeapplication/jsonYes
AuthorizationToken {YOUR_API_KEY}Yes
X-API-Version2020-09-22Yes
Request Body:
FieldTypeRequiredDescription
usersarrayYesList of user IDs to be deleted
Example Request: 
curl -X DELETE https://analytex.userpilot.io/v1/users \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Token <API_KEY>' \
  -H 'X-API-Version: 2020-09-22' \
  -d '{"users": ["user_id", "user_id2"]}'

2. Delete Companies

Endpoint: 
DELETE https://analytex.userpilot.io/v1/companies
Headers:
HeaderValueRequired
Content-Typeapplication/jsonYes
AuthorizationToken {YOUR_API_KEY}Yes
X-API-Version2020-09-22Yes
Request Body:
FieldTypeRequiredDescription
companiesarrayYesList of company IDs to be deleted
Example Request: 
curl -X DELETE https://analytex.userpilot.io/v1/companies \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Token <API_KEY>' \
  -H 'X-API-Version: 2020-09-22' \
  -d '{"companies": ["company_id", "company_id2"]}'

Response

A successful request will schedule your delete job and return a 202 Accepted status with a message indicating how many users or companies have been scheduled for deletion. Example Response: 
{
  "message": "2 users have been scheduled for deletion"
}
Deletions are scheduled to be executed every 24 hours (daily at 2:00 AM UTC).

Rate Limits

The Delete API has the following rate limit:
  • Delete Operations: 1 request every 2 seconds for delete operations
If you exceed the rate limit, the API will return a 429 Too Many Requests error.
Best Practice: Implement exponential backoff and retry logic to handle rate limit errors gracefully.