Account Withdrawal

The Account Withdrawal API allows users to permanently delete their accounts and associated data. This API implements GDPR-compliant data deletion procedures.

Overview

Account withdrawal is a permanent action that:

  • Deletes all user personal data

  • Revokes all active sessions

  • Removes user from all connected applications

  • Triggers data deletion across all integrated systems

⚠️ Warning: This action is irreversible. All user data will be permanently deleted.

Endpoint

POST /api/v1/users/{userId}/withdraw

Authentication

Requires user authentication with account management scope:

Authorization: Bearer YOUR_ACCESS_TOKEN
X-Required-Scope: account:manage

Request Parameters

Path Parameters

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| userId | string | Yes | The unique identifier of the user account |

Request Body

{
  "confirmation": "DELETE_MY_ACCOUNT",
  "reason": "no_longer_needed",
  "feedback": "Optional feedback about the deletion",
  "data_retention": {
    "analytics": false,
    "audit_logs": true,
    "transaction_history": false
  }
}

Body Parameters

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| confirmation | string | Yes | Must be exactly "DELETE_MY_ACCOUNT" |
| reason | string | No | Reason for account deletion (see reasons below) |
| feedback | string | No | Optional feedback (max 500 characters) |
| data_retention | object | No | Specify what data to retain for compliance |

Deletion Reasons

| Code | Description |
|------|-------------|
| no_longer_needed | Service no longer needed |
| privacy_concerns | Privacy concerns |
| switching_service | Switching to another service |
| account_security | Security concerns |
| other | Other reason (requires feedback) |
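
The body rules above can be checked before the request is sent, so that the confirmation string comes from what the user typed rather than from a constant in the client. This is an added example, not part of the Upbond SDK; `buildWithdrawalBody` and its error strings are hypothetical, and it assumes the only valid `data_retention` keys are the three shown in the request body example.

```javascript
// Added example; buildWithdrawalBody is a hypothetical helper, not an SDK call.
const CONFIRMATION = 'DELETE_MY_ACCOUNT';
const REASONS = new Set(['no_longer_needed', 'privacy_concerns',
  'switching_service', 'account_security', 'other']);
// Assumption: only the three keys from the request body example are valid.
const RETENTION_KEYS = new Set(['analytics', 'audit_logs', 'transaction_history']);
const MAX_FEEDBACK = 500; // counted in UTF-16 code units here (assumption)

// typedConfirmation is the text the user entered; it is compared exactly,
// with no trimming or case folding, as the page requires an exact match.
function buildWithdrawalBody(typedConfirmation, opts = {}) {
  const { reason, feedback, data_retention: retention } = opts;
  const errors = [];
  if (typedConfirmation !== CONFIRMATION) {
    errors.push('confirmation: must be exactly "DELETE_MY_ACCOUNT"');
  }
  if (reason !== undefined && !REASONS.has(reason)) {
    errors.push('reason: unknown code');
  }
  if (feedback !== undefined && typeof feedback !== 'string') {
    errors.push('feedback: must be a string');
  } else if (feedback !== undefined && feedback.length > MAX_FEEDBACK) {
    errors.push('feedback: max 500 characters');
  }
  if (reason === 'other' && !(typeof feedback === 'string' && feedback.trim())) {
    errors.push('feedback: required when reason is "other"');
  }
  if (retention !== undefined) {
    if (retention === null || typeof retention !== 'object' || Array.isArray(retention)) {
      errors.push('data_retention: must be an object');
    } else {
      for (const [key, value] of Object.entries(retention)) {
        if (!RETENTION_KEYS.has(key)) errors.push(`data_retention.${key}: unknown key`);
        else if (typeof value !== 'boolean') errors.push(`data_retention.${key}: must be a boolean`);
      }
    }
  }
  if (errors.length > 0) return { ok: false, errors };
  // Only validated fields are copied, so stray properties never reach the API.
  const body = { confirmation: CONFIRMATION };
  if (reason !== undefined) body.reason = reason;
  if (feedback !== undefined) body.feedback = feedback;
  if (retention !== undefined) body.data_retention = { ...retention };
  return { ok: true, body };
}
```
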

Response

Success Response

{
  "success": true,
  "data": {
    "withdrawal_id": "wd_1234567890",
    "status": "processing",
    "scheduled_completion": "2025-07-18T10:30:00Z",
    "data_retention_period": 30,
    "deletion_steps": [
      {
        "step": "user_profile",
        "status": "completed",
        "completed_at": "2025-07-11T10:30:00Z"
      },
      {
        "step": "session_revocation",
        "status": "completed",
        "completed_at": "2025-07-11T10:30:01Z"
      },
      {
        "step": "third_party_integrations",
        "status": "processing",
        "estimated_completion": "2025-07-11T12:00:00Z"
      },
      {
        "step": "data_archives",
        "status": "pending",
        "estimated_completion": "2025-07-18T10:30:00Z"
      }
    ]
  },
  "message": "Account withdrawal initiated successfully",
  "timestamp": "2025-07-11T10:30:00Z"
}

Error Response

{
  "success": false,
  "error": {
    "code": "WITHDRAWAL_001",
    "message": "Invalid confirmation string",
    "details": "Confirmation must be exactly 'DELETE_MY_ACCOUNT'"
  },
  "timestamp": "2025-07-11T10:30:00Z"
}

Withdrawal Process

The account withdrawal process consists of several steps:

  1. Immediate Actions (0-5 minutes):

    • Revoke all active sessions

    • Disable account access

    • Remove user from active applications

  2. Data Deletion (5-60 minutes):

    • Delete user profile data

    • Remove authentication data

    • Delete user preferences

  3. Third-Party Integration (1-24 hours):

    • Notify connected applications

    • Remove user from external systems

    • Delete shared data

  4. Archive Cleanup (1-7 days):

    • Remove backup data

    • Clean audit logs (if requested)

    • Purge cache data

Checking Withdrawal Status

Endpoint

GET /api/v1/users/{userId}/withdrawal/{withdrawalId}

Response

{
  "success": true,
  "data": {
    "withdrawal_id": "wd_1234567890",
    "status": "completed",
    "completed_at": "2025-07-18T10:30:00Z",
    "data_retention": {
      "audit_logs": true,
      "retention_period": 30
    }
  }
}
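
Because deletion runs for up to seven days after the request is accepted, a caller that has to evidence erasure should check that each step actually finishes. The following is an added example, not part of the Upbond SDK: `auditWithdrawal` is a hypothetical helper that takes either response shape shown on this page and reports steps that are still open or past their estimate. `SAMPLE` is a trimmed copy of the success response above.

```javascript
// Added example; field names come from the responses shown on this page.
const SAMPLE = { // trimmed copy of the page's success response
  success: true,
  data: {
    withdrawal_id: 'wd_1234567890',
    status: 'processing',
    scheduled_completion: '2025-07-18T10:30:00Z',
    deletion_steps: [
      { step: 'user_profile', status: 'completed', completed_at: '2025-07-11T10:30:00Z' },
      { step: 'session_revocation', status: 'completed', completed_at: '2025-07-11T10:30:01Z' },
      { step: 'third_party_integrations', status: 'processing', estimated_completion: '2025-07-11T12:00:00Z' },
      { step: 'data_archives', status: 'pending', estimated_completion: '2025-07-18T10:30:00Z' },
    ],
  },
};

function auditWithdrawal(response, now = new Date()) {
  if (!response || response.success !== true || !response.data) {
    throw new Error('not a successful withdrawal response');
  }
  const { withdrawal_id, status, scheduled_completion, deletion_steps = [] } = response.data;
  const nowMs = now.getTime();
  const open = [];
  const overdue = [];
  for (const step of deletion_steps) {
    // A step counts as done only if it also carries a completion timestamp.
    if (step.status === 'completed' && step.completed_at) continue;
    open.push(step.step);
    // A missing or unparsable estimate is treated as overdue so it gets reviewed.
    const due = Date.parse(step.estimated_completion);
    if (Number.isNaN(due) || due < nowMs) overdue.push(step.step);
  }
  const deadline = Date.parse(scheduled_completion);
  return {
    withdrawal_id,
    finished: status === 'completed' && open.length === 0,
    open,
    overdue,
    // true once the overall deadline has passed without a "completed" status
    deadlineMissed: status !== 'completed' && !Number.isNaN(deadline) && deadline < nowMs,
  };
}
```
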

Error Codes

| Code | Description |
|------|-------------|
| WITHDRAWAL_001 | Invalid confirmation string |
| WITHDRAWAL_002 | Account already withdrawn |
| WITHDRAWAL_003 | Withdrawal not allowed (pending transactions) |
| WITHDRAWAL_004 | Withdrawal ID not found |
| WITHDRAWAL_005 | Insufficient permissions |

Data Retention

Certain data may be retained for legal and compliance purposes:

Always Retained (30 days)

  • Transaction audit logs

  • Security incident logs

  • Legal compliance data

Configurable Retention

  • Analytics data (can be immediately deleted)

  • Communication logs (can be immediately deleted)

  • Integration logs (can be immediately deleted)

This API complies with:

  • GDPR (General Data Protection Regulation)

  • CCPA (California Consumer Privacy Act)

  • PIPEDA (Personal Information Protection and Electronic Documents Act)

Best Practices

  1. User Confirmation: Always require explicit user confirmation

  2. Reason Collection: Collect deletion reasons for service improvement

  3. Grace Period: Consider implementing a grace period for accidental deletions

  4. Backup Warning: Clearly communicate that data cannot be recovered

  5. Status Tracking: Provide withdrawal status updates to users

Example Implementation

JavaScript/Node.js

const upbond = require('@upbond/user-management-js');

async function withdrawAccount(userId, accessToken) {
  try {
    const response = await upbond.users.withdraw(userId, {
      confirmation: 'DELETE_MY_ACCOUNT',
      reason: 'no_longer_needed',
      feedback: 'Found a better alternative service',
      data_retention: {
        analytics: false,
        audit_logs: true,
        transaction_history: false
      }
    }, {
      headers: {
        'Authorization': `Bearer ${accessToken}`
      }
    });

    console.log('Withdrawal initiated:', response.data.withdrawal_id);
    return response.data;
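  } catch (error) {
    // error.response is absent on network failures, so fall back to the message
    console.error('Withdrawal failed:', error.response ? error.response.data : error.message);
    throw error;
  }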
}

Python

import upbond_user_management as upbond

def withdraw_account(user_id, access_token):
    try:
        response = upbond.users.withdraw(
            user_id=user_id,
            confirmation="DELETE_MY_ACCOUNT",
            reason="no_longer_needed",
            feedback="Found a better alternative service",
            data_retention={
                "analytics": False,
                "audit_logs": True,
                "transaction_history": False
            },
            headers={"Authorization": f"Bearer {access_token}"}
        )
        
        print(f"Withdrawal initiated: {response['data']['withdrawal_id']}")
        return response['data']
    except Exception as error:
        print(f"Withdrawal failed: {error}")
        raise

Recovery Options

⚠️ Account withdrawal is permanent and irreversible.

If a user needs to use the service again after withdrawal:

  1. They must create a new account

  2. Previous data cannot be recovered

  3. Previous integrations must be reconfigured

Support

For issues with account withdrawal:

  • Technical Support: support@upbond.io

  • Privacy Questions: privacy@upbond.io

  • Legal Inquiries: legal@upbond.io
