Userpilot supports data deletion to comply with the right to be forgotten under GDPR. Under this right, a user can request to delete all their data. Userpilot supports this right for all users, not just those in Europe. You can use the Deletion APIs to schedule a job to delete user or company data.
Authorization
Userpilot API uses API tokens to authenticate requests. You can view your API key in the Environment Page.
Authentication Method:
Include your API key in the Authorization header:
-H 'Authorization: Token {{API_KEY}}'
All API requests must be made over HTTPS.
Your API key carries many privileges, so be sure to keep them secure! Do not
share your secret API keys in publicly accessible areas.
Version
You must send the API version in the headers:
-H 'X-API-Version: 2020-09-22'
Endpoints
For most users, the HTTP API endpoint URL is https://analytex.userpilot.io as the examples show. If you are on Enterprise or EU hosting, refer to the Environment Page in the application to retrieve your dedicated endpoint.
1. Delete Users
Endpoint:
DELETE https://analytex.userpilot.io/v1/users
| Header | Value | Required |
|---|
Content-Type | application/json | Yes |
Authorization | Token {YOUR_API_KEY} | Yes |
X-API-Version | 2020-09-22 | Yes |
| Field | Type | Required | Description |
|---|
users | array | Yes | List of user IDs to be deleted |
curl -X DELETE https://analytex.userpilot.io/v1/users \
-H 'Content-Type: application/json' \
-H 'Authorization: Token <API_KEY>' \
-H 'X-API-Version: 2020-09-22' \
-d '{"users": ["user_id", "user_id2"]}'
2. Delete Companies
Endpoint:
DELETE https://analytex.userpilot.io/v1/companies
| Header | Value | Required |
|---|
Content-Type | application/json | Yes |
Authorization | Token {YOUR_API_KEY} | Yes |
X-API-Version | 2020-09-22 | Yes |
| Field | Type | Required | Description |
|---|
companies | array | Yes | List of company IDs to be deleted |
curl -X DELETE https://analytex.userpilot.io/v1/companies \
-H 'Content-Type: application/json' \
-H 'Authorization: Token <API_KEY>' \
-H 'X-API-Version: 2020-09-22' \
-d '{"companies": ["company_id", "company_id2"]}'
Response
A successful request will schedule your delete job and return a 202 Accepted status with a message indicating how many users or companies have been scheduled for deletion.
Example Response:
{
"message": "2 users have been scheduled for deletion"
}
Deletions are scheduled to be executed every 24 hours (daily at 2:00 AM UTC).
Rate Limits
The Delete API has the following rate limit:
- Delete Operations: 1 request every 2 seconds for delete operations
If you exceed the rate limit, the API will return a 429 Too Many Requests error.
Best Practice: Implement exponential backoff and retry logic to handle rate limit errors gracefully.
