The Bulk Profile Deletion API allows you to programatically remove customer profiles, helping to improve your data quality and maintain your compliance with privacy requirements. This API-first approach to profile deletion allows you to automate an often complex and time-consuming process.
By removing erroneous or unnecessary profiles in bulk, you can resolve data integrity problems that propagated from a small error or bug in your code.
The Bulk Profile Deletion API should not be confused with the Data Subject Requests (DSR) API. There are several critical differences:
Profiles removed using the Bulk Profile Deletion API are always removed within the scope of a single workspace. For example, if a profile exists in two workspaces A and B in the same account, and the Profile Deletion API is used to remove the profile in workspace A, it will still exist in workspace B.
To remove the profile from both workspaces, you must make the same deletion request twice, once for each workspace, using two sets of credentials: one scoped for workspace A and another scoped for workspace B.
When verifying the deletion of a profile using the methods described below, you will see different results depending on your identity scope settings:
Continuing with the example above, if both workspaces A and B have the same identity scope:
However, if workspace A and B have different identity scopes:
This is because the User Activity View filters profiles to display based account and identity scope. Learn more about how data is organized in mParticle in Accounts, organizations, and workspaces.
You must authenticate requests to the Bulk Profile Data Deletion API using basic authentication with a workspace key and secret.
To obtain a Workspace key and secret:
Expand the Workspace Key/Secret
section, and copy the Workspace Key and Secret to use as your username and password for the Basic Auth connection.
Issue Key/Secret
button to generate your Workspace credentials.POST
<base_url>/userprofile/experimental/bulkdelete
The base URL is specific to the pod location your account is hosted in. Replace <base_url>
with the appropriate URL:
https://s2s.mparticle.com
https://s2s.us2.mparticle.com
https://s2s.eu1.mparticle.com
https://s2s.au1.mparticle.com
You can use either MPIDs (mParticle IDs) or unique identities to specify profiles to delete in your request body.
Unique identifiers are any user identifiers that have been configured to be unique to a profile. To see which identities are set as unique identities in your account:
Your request should contain an array of one or more objects where each object represents a deletion request for a single profile. Even a single deletion request object should be contained within an array.
[
{
"environment_type": "production",
"action": "delete",
"mpid": "valid-mpid-id",
"identities": {
// Unique identities should be added here if no MPID is given
}
},
{
"environment_type": "production",
"action": "delete",
// If no MPID is given, unique identities should be added in the identities object below
"identities": {
"customerid": "valid-customer-id"
}
}
]
Field Name | Data Type | Required | Description |
---|---|---|---|
environment_type |
string | Required | The mParticle environment type for the profiles you want to delete. Valid values are production or development . |
action |
string | Required | The action to perform on the profiles. Valid value is delete . |
identities |
JSON object | Required if no MPID is given | A JSON object containing a list of key/value pairs where the key the unique identity type (like customerid or email ) and the value is the unique identity for the profile to delete. |
mpid |
integer | Required if no identities are given | A 64-bit signed integer used to uniquely identify a user profile to delete. The MPID must be added directly to the JSON object for each deletion request, not within the identities object. |
A successful request receives a 202 Accepted
response. To positively verify your request, follow the steps in Verify the deletion request.
While the Bulk Profile Deletion API is a Beta release, profile data is not deleted from mParticle’s underlying event store. To remove user data from the event store, you can either:
After submitting your request, you can positively verify the successful removal of specific user data with two methods:
For example, assume invalid data was sent to a set of profiles between February 1st and February 10th, and you need to delete the now compromised profiles:
Since the Profile API can retrieve user profiles from mParticle, it can also be used to verify the removal of specific profiles.
https://sso.auth.mparticle.com/oauth/token
.The JSON body of the request must contain:
client_id
- the client ID, issued by mParticle when creating the API credentialsclient_secret
- the client secret, issued by mParticle when creating the API credentialsaudience
- set to a value of "https://api.mparticle.com"
grant_type
- set to a value of "client_credentials"
curl --request POST \
--url https://sso.auth.mparticle.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"...","client_secret":"...","audience":"https://api.mparticle.com","grant_type":"client_credentials"}'
POST /oauth/token HTTP/1.1
Host: sso.auth.mparticle.com
Content-Type: application/json
{
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"audience": "https://api.mparticle.com",
"grant_type": "client_credentials"
}
A successful POST request to the token endpoint results in a JSON response as follows:
{
"access_token": "YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-",
"expires_in" : 28800,
"token_type": "Bearer"
}
Your request to the Profile API can be authorized by setting the authorization header to:
Authorization: Bearer YWIxMjdi883GHBBDnjsdKAJQxNjdjYUUJABbg6hdI.8V6HhxW-
GET
request to /userprofile/v1/<orgId>/<accountId>/<workspaceId>/<mpid>
, using the organization ID, account ID, workspace ID, and MPID for the profile you removed.Response code | Error message | Description |
---|---|---|
400 |
Bad Request - malformed JSON or required field missing | The JSON in your request body could be invalid or it could include a syntax error. Use a JSON linter to verify your JSON formatting, and make sure your request contains a single array of multiple objects, each with an mpid and action field. It is also possible you included an MPID within the identities object for a deletion request; MPIDs cannot be included within the identities object. The error message specifies any required fields that are missing. |
401 |
Unauthorized - authentication missing or invalid | Make sure your API credentials include the Bulk Profile Deletion API, your authorization header is formatted correctly, and that the API key/secret included are correct or that your bearer token is correct. |
403 |
Forbidden - API key/secret are present but not valid | Make sure that the API credentials used to generate your API key/secret or your bearer token include the Bulk Profile Deletion API. |
429 |
Too many requests - rate limiting is being applied | Your request either contains too many MPIDs or you have submitted too many requests. Make sure you request to delete no more than 1500 MPIDs per second, and that each individual request contains no more than 100 MPIDs |
503 |
Service unavailable - the message should be retried after a back off | After exponentially backing off your requests, retry. If you continue to encounter this error, contact mParticle Support. |
Was this page helpful?