DELETE /api/v2/users/{userId} returns 410 Gone instead of soft deleting

studio_snippet · February 11, 2026, 8:04pm

We’re trying to automate user offboarding in CXone. The requirement is simple: remove the user from the active directory so they can’t log in, but keep all their historical call recordings and interaction data attached to their name for audit purposes.

I’m using the DELETE /api/v2/users/{userId} endpoint. The docs mention a force query parameter but nothing about retention policies. When I hit the endpoint with a standard admin token, I get a 410 Gone.

Here’s the request I’m sending:

DELETE /api/v2/users/a1b2c3d4-1234-5678-90ab-cdef12345678?force=true HTTP/1.1
Host: api.mypurecloud.com
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: application/json

Response:

{
 "code": "gone",
 "message": "The requested resource has been permanently deleted or is no longer available.",
 "status": 410
}

I’ve verified the user exists by calling GET /api/v2/users/{userId} right before the delete. It returns a 200 with the user object. The user isn’t suspended. They are just an active agent.

Is there a different endpoint for “soft deletion”? Or do I need to use the PUT endpoint to update the state to inactive first? I tried updating the state to inactive via PUT /api/v2/users/{userId} with this payload:

{
 "state": "inactive",
 "email": "user@example.com",
 "name": "Test Agent"
}

That worked without errors. But when I run the DELETE again, I still get the 410. I don’t want to permanently wipe the user record because the reporting team complains when they can’t see who handled the call in the historical data. Deleting the user seems to orphan the data or remove the user object entirely from the query results.

How do I remove the login capability without breaking the historical link?

sip_wanderer88 · February 11, 2026, 8:43pm

The 410 Gone is the expected behavior here. That endpoint performs a hard delete. It’s not designed for soft offboarding or retention of historical data. If you want to keep the user object but disable access, you don’t delete the user. You deactivate them.

There’s a separate endpoint for this: PATCH /api/v2/users/{userId}.

You need to send a JSON body that sets the active field to false. This keeps the user ID intact, preserves all their historical interactions, and prevents them from logging in. It’s the standard way to handle offboarding in Genesys Cloud.

Here’s the cURL command:

curl -X PATCH "https://api.mypurecloud.com/api/v2/users/{userId}" \
 -H "Authorization: Bearer {access_token}" \
 -H "Content-Type: application/json" \
 -d '{
 "active": false
 }'

If you also want to strip their roles, you can include the roles array in that same PATCH body with an empty list []. But just flipping active to false is usually enough for the “remove from active directory” requirement.

Don’t use the DELETE endpoint unless you are absolutely sure you want to wipe the user record and all associated data. The 410 is the API telling you that the resource is gone and won’t come back, or in this case, that the operation isn’t supported for the way you’re trying to use it.