Deleting a user

Privy allows you to delete users via their Privy DID. Deletion is an irreversible and destructive action; if the user logs into your app again, they will have a new DID, will have to relink any formerly linked accounts, and will get a new embedded wallet address. Please take extreme care when deleting users.

For security of user assets, Privy does not delete the embedded wallet, and instead "soft deletes" it by disassociating it from the deleted user. If the user still has access to their login method and their wallet password, if they have set one, their wallet can be recovered after deletion.

WARNING

Privy rate limits REST API endpoints that you may call from your server. If you suspect your team will require an increased rate limit, please reach out to support!

Using @privy-io/server-auth

Use the PrivyClient's' deleteUser method to delete a user. As a parameter, pass the user's Privy DID as a string:

await privy.deleteUser('did:privy:XXXXXX');

This method will throw an error if the deletion operation failed (e.g. due to an invalid Privy DID).

Using the REST API

Make a DELETE request to:

https://auth.privy.io/api/v1/users/<did>

Replace <did> with your user's Privy DID. It should have the format did:privy:XXXXXX.

Below is a sample cURL command for deleting the user object associated with a Privy DID:

curl --request DELETE https://auth.privy.io/api/v1/users/<user-did> \
-u "<your-privy-app-id>:<your-privy-app-secret>" \
-H "privy-app-id: <your-privy-app-id>"

If the deletion is successful, the API will return a 204 status code.

If there is no user associated with the Privy DID, the API will return a 404 status code.