The Bulk Profile Deletion API allows you to programatically remove customer profiles, helping to improve your data quality and maintain your compliance with privacy requirements. This API-first approach to profile deletion allows you to automate an often complex and time-consuming process.
By removing erroneous or unnecessary profiles in bulk, you can resolve data integrity problems that propagated from a small error or bug in your code.
The Bulk Profile Deletion API should not be confused with the Data Subject Requests (DSR) API. There are several critical differences:
When using the Bulk Profile Data Deletion API, you must authenticate with Basic Auth using a key and secret from one of your configured inputs.
POST
<base_url>/userprofile/experimental/bulkdelete
The base URL is specific to the pod location your account is hosted in. Replace <base_url>
with the appropriate URL:
https://s2s.mparticle.com
https://s2s.us2.mparticle.com
https://s2s.eu1.mparticle.com
https://s2s.au1.mparticle.com
mParticle MPIDs are 64-bit signed integers. Some languages, such as Javascript, do not support these and will truncate. We suggest storing and sending these as strings to avoid truncation or rounding.
Your request should always consist of an array of mpid
and action
pairs as shown in the example above, even if your request contains only a single user profile. Submitting a request containing a single object that is not within an array will result in an error.
[
{
"mpid": "profile-mpid-1",
"action": "delete"
},
{
"mpid": "profile-mpid-2",
"action": "delete"
},
{
"mpid": "profile-mpid-3",
"action": "delete"
}
]
A successful request receives a 202 Accepted
response. To positively verify your request, follow the steps in Verify the deletion request.
While the Bulk Profile Deletion API is a Beta release, profile data is not deleted from mParticle’s underlying event store. To remove user data from the event store, you can either:
After submitting your request, you can positively verify the successful removal of specific user data with two methods:
For example, assume invalid data was sent to a set of profiles between February 1st and February 10th, and you need to delete the now compromised profiles:
Since the Profile API can retrieve user profiles from mParticle, it can also be used to verify the removal of specific profiles.
https://sso.auth.mparticle.com/oauth/token
.The JSON body of the request must contain:
client_id
- the client ID, issued by mParticle when creating the API credentialsclient_secret
- the client secret, issued by mParticle when creating the API credentialsaudience
- set to a value of "https://api.mparticle.com"
grant_type
- set to a value of "client_credentials"
curl --request POST \
--url https://sso.auth.mparticle.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"...","client_secret":"...","audience":"https://api.mparticle.com","grant_type":"client_credentials"}'
POST /oauth/token HTTP/1.1
Host: sso.auth.mparticle.com
Content-Type: application/json
{
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"audience": "https://api.mparticle.com",
"grant_type": "client_credentials"
}
A successful POST request to the token endpoint results in a JSON response as follows:
{
"access_token": "YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-",
"expires_in" : 28800,
"token_type": "Bearer"
}
Your request to the Profile API can be authorized by setting the authorization header to:
Authorization: Bearer YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-
Tokens cannot be revoked, but they expire every eight hours. The initial token request can take between one and three seconds, so mParticle recommends that you cache the token and refresh it only when necessary.
GET
request to /userprofile/v1/<orgId>/<accountId>/<workspaceId>/<mpid>
, using the organization ID, account ID, workspace ID, and MPID for the profile you removed.Response code | Error message | Description |
---|---|---|
400 |
Bad Request - malformed JSON or required field missing | The JSON in your request body could be invalid or it could include a syntax error. Use a JSON linter to verify your JSON formatting, and make sure your request contains a single array of multiple objects, each with an mpid and action field. The error message specifies any required fields that are missing. |
401 |
Unauthorized - authentication missing or invalid | Make sure your API credentials include the Bulk Profile Deletion API, your authorization header is formatted correctly, and that the API key/secret included are correct or that your bearer token is correct. |
403 |
Forbidden - API key/secret are present but not valid | Make sure that the API credentials used to generate your API key/secret or your bearer token include the Bulk Profile Deletion API. |
429 |
Too many requests - rate limiting is being applied | Your request either contains too many MPIDs or you have submitted too many requests. Make sure you request to delete no more than 1500 MPIDs per second, and that each individual request contains no more than 100 MPIDs |
503 |
Service unavailable - the message should be retried after a back off | After exponentially backing off your requests, retry. If you continue to encounter this error, contact mParticle Support. |
Was this page helpful?