Deactivate User

Soft-delete a KYC user (sets is_active=False).

Does not touch kyc_status or the verification provider applicant. Deactivated
users are hidden from the default GET /lists response unless the
caller passes include_inactive=true. Idempotent: re-deactivating
an already-inactive user is a no-op success.

require_client_permissions enforces allowed_roles only for
client_user actors; the explicit role guard below also rejects
client_api callers whose credential role is not Owner.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…

Deactivate (soft-delete) a KYC user. The user is marked inactive (is_active = false) and the supplied reason is recorded in the audit log. This does not change the user's kyc_status or remove any verification records. Deactivated users are excluded from the default GET /api/v1/kyc/users listing unless that request is made with include_inactive=true. The endpoint returns the updated user record.

The operation is idempotent: deactivating a user that is already inactive succeeds and returns the current record without writing a new audit entry.

Authentication & access

  • Requires a client token: Authorization: Bearer <token>.
  • The caller must hold the kyc.users.write permission.
  • The action is restricted to the OWNER role. Callers with any other role are rejected with 403.

Path parameters

ParameterInDescription
user_idpathID of the KYC user to deactivate. Must belong to your client.

Request body

FieldTypeConstraintsDescription
reasonstringrequired, 10–500 charactersOperational reason recorded in the audit log. The 10-character minimum ensures the audit trail captures meaningful context.

Response

200 OK returns the updated UserResponse, including id, email, full_name, kyc_status, verification_mode, external_verification_status, verification_source, is_active (now false), and created_at. The kyc_status value is unchanged by this operation.

Error responses

StatusWhen
404No user with the given user_id exists under this client
422Request body failed validation (e.g. reason shorter than 10 or longer than 500 characters, or missing)

Standard 401 (authentication), 403 (insufficient permission or role), and 429 (rate limit) responses apply to every endpoint and are documented in the Error reference.

Path Params
string
required
Body Params
string
required
length between 10 and 500

Operational reason recorded in audit log. Must be at least 10 characters so the audit trail captures meaningful context.

Responses

Language
Credentials
Bearer
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json