--- title: Delete description: Examples in this documentation depend on features activated in the ds-evaluation setup profile. component: pingds version: 8.1 page_id: pingds:rest-guide:delete-rest canonical_url: https://docs.pingidentity.com/pingds/8.1/rest-guide/delete-rest.html revdate: 2025-10-22T14:42:39Z keywords: ["REST API"] section_ids: delete_a_resource: Delete a resource delete_a_specific_revision: Delete a specific revision delete_a_subtree: Delete a subtree --- # Delete | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Examples in this documentation depend on features activated in [the `ds-evaluation` setup profile](../install-guide/setup-ds.html#about-ds-evaluation).The code samples demonstrate how to contact the server over HTTPS using the deployment CA certificate. Before trying the samples, generate the CA certificate in PEM format from the server deployment ID and password:```console $ dskeymgr \ export-ca-cert \ --deploymentId $DEPLOYMENT_ID \ --deploymentIdPassword password \ --outputFile ca-cert.pem ``` | ## Delete a resource Use HTTP DELETE on the resource URL. HDAP returns the resource you deleted: * Curl * JavaScript * Python * Ruby ```console $ curl \ --request DELETE \ --cacert ca-cert.pem \ --user dc=com/dc=example/ou=People/uid=kvaughan:bribery \ --header 'Content-Type: application/json' \ 'https://localhost:8443/hdap/dc=com/dc=example/ou=People/uid=newuser?_prettyPrint=true' ``` > **Collapse: Show output** > > ``` > { > "_id" : "dc=com/dc=example/ou=People/uid=newuser", > "objectClass" : [ "person", "inetOrgPerson", "organizationalPerson", "top" ], > "cn" : [ "New User" ], > "givenName" : [ "New" ], > "mail" : [ "newuser@example.com" ], > "manager" : [ "dc=com/dc=example/ou=People/uid=bjensen" ], > "sn" : [ "User" ], > "telephoneNumber" : [ "+1 408 555 1212" ], > "uid" : [ "newuser" ] > } > ``` ```javascript (async () => { const { authenticate, doRequest, getOptions } = require('./utils') const options = getOptions({ path: '/hdap/dc=com/dc=example/ou=People/uid=newuser', method: 'DELETE' }) const jwt = await authenticate(options) options.headers['Authorization'] = 'Bearer ' + jwt const response = await doRequest('HDAP: delete newuser', options) console.log(response) })().catch(error => { console.error(error) }) ``` Source files for this sample: [delete.js](../_attachments/hdap/js/delete.js), [utils.js](../_attachments/hdap/js/utils.js) ```python #!/usr/bin/env python3 import requests import utils jwt = utils.authenticate('dc=com/dc=example/ou=People/uid=kvaughan', 'bribery') headers = { 'Content-Type': 'application/json', 'Authorization': f'Bearer {jwt}' } response = requests.delete( f'https://{utils.host}:{utils.port}/hdap/dc=com/dc=example/ou=People/uid=newuser', headers=headers, verify=utils.ca_pem) print('Status code: %d\nJSON: %s' % (response.status_code, response.json())) ``` Source files for this sample: [utils.py](../_attachments/hdap/py/utils.py), [delete.py](../_attachments/hdap/py/delete.py) ```ruby require_relative 'utils.rb' require 'faraday' utils = Utils.new('dc=com/dc=example/ou=People/uid=kvaughan', 'bribery') options = { ca_file: utils.ca_pem } jwt = utils.authenticate hdap = Faraday.new(url: "https://#{utils.host}:#{utils.port}/hdap/", ssl: options) do |f| f.headers['Content-Type'] = 'application/json' f.request :authorization, 'Bearer', jwt end response = hdap.delete('dc=com/dc=example/ou=People/uid=newuser') puts "Status code: #{response.status}\nJSON: #{response.body}" ``` Source files for this sample: [utils.rb](../_attachments/hdap/rb/utils.rb), [delete.rb](../_attachments/hdap/rb/delete.rb) HDAP Ruby examples require Ruby 3.2 and the `faraday` and `json` gems. ## Delete a specific revision To delete a resource only if the resource matches a particular version, use an `If-Match: ` header: * Curl * JavaScript * Python * Ruby ```console $ export JWT=$(echo $(curl \ --request POST \ --cacert ca-cert.pem \ --header 'Content-Type: application/json' \ --data '{ "password": "bribery" }' \ --silent \ 'https://localhost:8443/hdap/dc=com/dc=example/ou=People/uid=kvaughan?_action=authenticate') | jq -r .access_token) $ export REVISION=$(cut -d \" -f 8 <(curl \ --get \ --cacert ca-cert.pem \ --header "Authorization: Bearer $JWT" \ --header 'Content-Type: application/json' \ --data '_fields=_rev' \ --silent \ 'https://localhost:8443/hdap/dc=com/dc=example/ou=People/uid=newuser')) $ curl \ --request DELETE \ --cacert ca-cert.pem \ --header "Authorization: Bearer $JWT" \ --header "If-Match: $REVISION" \ 'https://localhost:8443/hdap/dc=com/dc=example/ou=People/uid=newuser?_prettyPrint=true' ``` > **Collapse: Show output** > > ``` > { > "_id" : "dc=com/dc=example/ou=People/uid=newuser", > "objectClass" : [ "person", "inetOrgPerson", "organizationalPerson", "top" ], > "cn" : [ "New User" ], > "givenName" : [ "New" ], > "mail" : [ "newuser@example.com" ], > "manager" : [ "dc=com/dc=example/ou=People/uid=bjensen" ], > "sn" : [ "User" ], > "telephoneNumber" : [ "+1 408 555 1212" ], > "uid" : [ "newuser" ] > } > ``` ```javascript (async () => { const { authenticate, doRequest, getOptions } = require('./utils') const options = getOptions({ path: '/hdap/dc=com/dc=example/ou=People/uid=newuser' }) const jwt = await authenticate(options) options.headers['Authorization'] = 'Bearer ' + jwt let response = await doRequest('HDAP: read newuser _rev', options) console.log(response) options.headers['If-Match'] = JSON.parse(response.data)._rev options.method = 'DELETE' response = await doRequest('HDAP: delete specific revision', options) console.log(response) })().catch(error => { console.error(error) }) ``` Source files for this sample: [delete-rev.js](../_attachments/hdap/js/delete-rev.js), [utils.js](../_attachments/hdap/js/utils.js) ```python #!/usr/bin/env python3 import requests import utils jwt = utils.authenticate('dc=com/dc=example/ou=People/uid=kvaughan', 'bribery') headers = { 'Content-Type': 'application/json', 'Authorization': f'Bearer {jwt}' } rev = requests.get( f'https://{utils.host}:{utils.port}/hdap/dc=com/dc=example/ou=People/uid=newuser', headers=headers, verify=utils.ca_pem).json()['_rev'] headers['If-Match'] = rev response = requests.delete( f'https://{utils.host}:{utils.port}/hdap/dc=com/dc=example/ou=People/uid=newuser', headers=headers, verify=utils.ca_pem) print('Status code: %d\nJSON: %s' % (response.status_code, response.json())) ``` Source files for this sample: [utils.py](../_attachments/hdap/py/utils.py), [delete-rev.py](../_attachments/hdap/py/delete-rev.py) ```ruby require_relative 'utils.rb' require 'faraday' utils = Utils.new('dc=com/dc=example/ou=People/uid=kvaughan', 'bribery') options = { ca_file: utils.ca_pem } jwt = utils.authenticate hdap = Faraday.new(url: "https://#{utils.host}:#{utils.port}/hdap/", ssl: options) do |f| f.headers['Content-Type'] = 'application/json' f.request :authorization, 'Bearer', jwt end resource = 'dc=com/dc=example/ou=People/uid=newuser' rev = JSON.parse(hdap.get(resource).body, symbolize_names: true)[:_rev] response = hdap.delete do |h| h.path = resource h.headers['If-Match'] = rev end puts "Status code: #{response.status}\nJSON: #{response.body}" ``` Source files for this sample: [utils.rb](../_attachments/hdap/rb/utils.rb), [delete-rev.rb](../_attachments/hdap/rb/delete-rev.rb) HDAP Ruby examples require Ruby 3.2 and the `faraday` and `json` gems. ## Delete a subtree | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | * Only users granted access to perform a subtree delete can remove a resource with children. * This can be a resource-intensive operation. The resources required to remove a branch depend on the number of LDAP entries to delete. | To delete a resource and all of its children, follow these high-level steps: * When configuring the gateway, make sure `"useSubtreeDelete": "true"` (default). * Grant the user access to the subtree delete control: ```console $ dsconfig \ set-access-control-handler-prop \ --hostname localhost \ --port 4444 \ --bindDN uid=admin \ --bindPassword password \ --add global-aci:"(targetcontrol=\"SubtreeDelete\")(version 3.0; acl \"Allow Subtree Delete\"; allow(read) userdn=\"ldap:///uid=kvaughan,ou=People,dc=example,dc=com\";)" \ --trustStorePath /path/to/opendj/config/keystore \ --trustStoreType PKCS12 \ --trustStorePassword:file /path/to/opendj/config/keystore.pin \ --no-prompt ``` * Delete the base resource as a user with access to perform a subtree delete. Include the `subtreeDelete=true` query string parameter in the delete request.