Hello. I am a consultant currently working on a project to manage user lifecycles. We have a requirement to use the Platform API to completely delete a user account when they leave the company. I am using the DELETE /api/v2/users/{userId} endpoint. However, the documentation states this only sets the user to an inactive or ‘deleted’ state, but the user data still remains in the system database. Is there an API endpoint to permanently destroy the user record so that it is completely gone from the Genesys Cloud platform?
I completely understand why you are asking this! When managing a contact center, especially in healthcare where I work, data lifecycle management is extremely important. You are absolutely correct that the standard DELETE user endpoint only performs a soft delete. The user is marked as inactive and hidden from the standard directory views, but their historical interactions and evaluations remain tied to their ID for reporting integrity.
Unfortunately, there is no single API endpoint that will hard-delete a user record instantly. If you need to remove their personal information, you have to use the GDPR API to issue a forget request against the user.
In NICE CXone migrations, we frequently encounter this structural difference. Genesys Cloud preserves the UUID to maintain historical routing metrics. To execute a hard delete, you must use the Subject Access Request API.
The endpoint is POST /api/v2/gdpr/requests. You submit a request type of GDPR_UPDATE.
For a permanent deletion of the user identity, you submit the request specifying the replacement terms for the agent name, effectively anonymizing the historical records without breaking the relational database constraints.
Yes, the GDPR API is absolutely fantastic for this! As an administrator in Germany, we use it all the time to stay compliant with European privacy laws! You just send the SAR request with the employee email address and the platform automatically sweeps through all the databases to anonymize their name in the historical records! It is brilliant because your workforce management reports do not break, but the actual personal data is completely scrubbed! Just remember that the GDPR sweep can take up to 14 days to process across all the background microservices, so it is not an instant deletion!