Removing user identifiers
Learn how to remove user identifiers from Cloud Identity Plane (CIP).
About this tutorial
CIP provides APIs allowing you to remove user identifiers in two ways:
-
Remove all identifiers matching the values in the request, regardless of their type (UID, e-mail, mobile)
-
Remove only matching identifiers of a specific type - this approach mitigates the risk of deleting identifiers of a different type having the same value.
Following this tutorial, you can try it out both ways and learn the difference. Keep in mind that it’s not possible to use both options simultaneously.
Prerequisites
-
CIP up and running
-
Administrator account in CIP with the ADMIN_REMOVE_IDENTIFIERS entitlement
Remove user identifiers
-
Authenticate to CIP as an administrator by sending a request to
https://example.com/api/authn/identifierpassword
(or use any of the available authentication methods).-
Replace
example.com
with your actual CIP domain. -
Set
identifier
andpassword
to your own credentials.
curl --verbose POST 'https://example.com/api/authn/identifierpassword' \ --header 'Content-Type: application/json' \ --data-raw '{ "identifier": "YOUR_IDENTIFIER", "password": "t0ps3cr3t" }'
Result
Authorization token is returned in the response body (code 201 is returned). Save this token.
< HTTP/2 201 < date: Tue, 08 Jun 2021 12:41:01 GMT < content-type: application/json < content-length: 48 < server: nginx < trace-id: 23b5a553fb95a19c < access-control-allow-credentials: true < access-control-allow-headers: * < access-control-allow-methods: * < access-control-max-age: 600 < * Connection #0 to host example.com left intact {"token":"0d25bdba-009b-47a9-a985-554692572b1e"}* Closing connection 0
More information
You can read more about authentication options in the REST API authentication documentation.
-
-
Send a request to the
https://example.com/api/users/{identifier}/identifiers/remove
endpoint. Provide the following data in the body:- To send a general identifier removal request, pass a list of identifiers in the
identifiers
array:
curl --request POST \ --url https://example.com/api/users/{identifier}/identifiers/remove \ --header 'Authorization: Bearer 0d25bdba-009b-47a9-a985-554692572b1e' \ --data '{"identifiers":["user1@example.com", "1555555555"]}'
Result
Identifiers matching the provided values are removed, regardless of their type. Note that, in theory, multiple identifiers can be removed this way by passing a given value, when different identifier types have the same value.
- To send a type-specific request, provide type-value pairs as separate objects within the
typedIdentifiers
array:
curl --request POST \ --url https://example.com/api/users/{identifier}/identifiers/remove \ --header 'Authorization: Bearer 0d25bdba-009b-47a9-a985-554692572b1e' \ --data '{ "typedIdentifiers": [ { "identifierType": "email", "identifierValue": "user1@cloudentity.com" }, { "identifierType": "mobile", "identifierValue": "15555555555" } ] }'
Result
Identifiers matching both the provided type and value are removed.
- To send a general identifier removal request, pass a list of identifiers in the
Related articles
Having tried out the customer notification API, you might be interested in the reference API documentation about the removeIdentifiers endpoint.