Cloud Administration Mark User Deleted API

The Cloud Administration Mark User Deleted API can do the following:

  • Mark an inactive user as pending for future deletion. The marked user will be deleted from the Cloud Authentication Service when automatic bulk deletion has taken place.

  • Undelete a user if marking the user for deletion was a mistake.

Users marked as deleted are removed from the Cloud Authentication Service after seven days. Once deleted, a user can no longer authenticate through the service or register a device. Deletion removes all information and devices associated with the user from the Cloud Authentication Service.


Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration REST APIs.

Administrative Roles

This API can use an API key that is associated with either the Super Administrator or Help Desk Administrator role. For more information, see Manage the Cloud Administration REST API Keys.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Request Requirements

Use the following information to mark a user for deletion.

Method Request URL Response Codes
PUT /AdminInterface/restapi/v1/users/
200, 400, 403, 404, 405, 409, 500

Request Parameter

The Mark Deleted API allows the following parameter.

Request Parameter Description Data Type
<userId> Unique user identifier that is sent in response to the SecurID User Details API .

Request Body

The following table describes the request body.

Request Body Description Data Type

Must be true or false.

  • true - User is marked as pending delete and must not be previously marked as pending delete.
  • false - User is unmarked for pending delete and must be previously marked as pending delete.

Example Request Data

The following example displays a request.

PUT /https://localhost/AdminInterface/restapi/v1/users/eb2e12ae-1112-451b-98e1-dfe4e6afd60d/markDeleted

Content-Type: application/json

Authorization: Bearer <JWT token>


"markDeleted": "true"


Example Response

The following example response shows the deletion status of a single user.


"id": "bf40077e-767b-495d-a7c8-d9909601bea6",

"markDeleted": "true",

"markDeletedBy": "Some user",

"markDeletedAt": "2018-08-31T19:10:30.045Z"


Response Property Descriptions

The following table shows property descriptions and data types.

Property Description Data Type
id Identifies the user. String
markDeleted Indicates whether the user is marked for delete. Boolean

Date when a user is marked for delete.

for information on formatting timestamps in ISO 8601 format.

markDeletedBy Administrator who initiated mark for delete. String

Response Codes

The following table shows response codes and descriptions for API.

Code Description
200 Successfully marked the user for deletion or cleared marked user for deletion.

Operation is not performed. One of the following messages is returned:

  • markDeleted property is required and must be true or false.
  • Unexpected parameters provided.
403 Not authorized to perform the request.
404 User does not exist.
405 Method Not Allowed. The method you are using is not allowed for users in the SCIM Managed and Azure Active Directory (SCIM) identity sources.

Operation is not performed because it violates a business rule and returns one of the following messages:

  • Cannot mark delete enabled users.
  • Cannot mark delete users that are currently marked for delete.
  • Cannot undelete users that are not currently marked for delete.
429 Too many requests.

Internal server error occurred when processing the request. The following message is returned:

Unknown error. Mark user for Delete/Undelete returned null response from Cloud Authentication Service. Or an unexpected error occurred.