Skip to main content
POST
/
:projectId
/
api
/
v7
/
auth
/
confirm-account-deletion
Confirm Account Deletion
curl --request POST \
  --url https://api.sublay.io/api/v6/:projectId/api/v7/auth/confirm-account-deletion \
  --header 'Content-Type: application/json' \
  --data '
{
  "code": "<string>"
}
'
Completes the self-service account-deletion flow. Verifies the one-time code sent by the Request Account Deletion endpoint and, on a match, permanently deletes the authenticated user’s account. Requires a valid user access token. The cascade is identical to the service-key Delete User endpoint: reactions, files, follows, connections, collections, reports, mentions, notifications, and embeddings are removed, while the user’s entities and comments are preserved as hollow shells (their userId, content, and attachments cleared) to keep threads intact.
Deletion is immediate and irreversible. There is no grace period and no recovery once this endpoint returns 204.

Body Parameters

code
string
required
The one-time confirmation code from the deletion email. Must match the most recently issued code exactly.

Response

Returns 204 No Content on success. The user and their session tokens no longer exist after this call.

Error Codes

CodeStatusDescription
auth/invalid-or-expired-code400The code does not match, was never issued, or has expired (10-minute TTL).
user/not-found404The authenticated user no longer exists.
user/delete-failed404The user could not be deleted (not found or already deleted).
The confirmation code is single-use — it is consumed once deletion succeeds, so it cannot be replayed. If deletion fails with a server error, the code is left in place so you can retry until it expires (10-minute TTL).

See Also