DELETE /admin/{id}

Example request:
curl -X DELETE http://localhost:8080/admin/123e4567-e89b-12d3-a456-426614174000

Example response:
Admin deletado com sucesso.
Deletes an administrator account from the system.

Path Parameters

id (string, required)
The UUID of the administrator to delete. Example: "123e4567-e89b-12d3-a456-426614174000"

Response

Returns a plain text confirmation message.

Success (string)
"Admin deletado com sucesso." (Admin deleted successfully)

Error Responses

400 Bad Request (error)
Returned when the ID format is invalid (not a valid UUID).

404 Not Found (error)
May be returned by the service layer if the admin doesn't exist (implementation dependent).

Security Considerations

Critical Security Notes:
  • Authentication Required: This endpoint MUST require authentication to prevent unauthorized deletions
  • Authorization: Implement strict authorization checks:
    • Prevent self-deletion (admins should not be able to delete their own account)
    • Require super-admin privileges for deleting other admins
    • Consider implementing a confirmation workflow for critical operations
  • Audit Logging: Log all deletion attempts with admin ID, timestamp, and requesting user
  • Soft Delete: Consider implementing soft delete instead of hard delete to maintain audit trail
  • Cascade Effects: Ensure proper handling of related records before deletion
  • Rate Limiting: Implement rate limiting to prevent abuse
  • Confirmation: Require additional confirmation (e.g., password re-entry) for this destructive operation

Important Notes

Operational Considerations:
  • This operation is irreversible (unless soft delete is implemented)
  • Ensure you have a backup before deleting admin accounts
  • Consider the impact on:
    • Audit logs that reference this admin
    • Any records created or modified by this admin
    • System access and permissions
  • Maintain at least one active admin account at all times

Best Practices

  1. Disable Before Delete: Instead of immediate deletion, first disable the account and delete after a grace period
  2. Require Confirmation: Implement a two-step deletion process with explicit confirmation
  3. Notify Stakeholders: Send notifications to other admins when an admin account is deleted
  4. Backup Data: Ensure admin data is backed up before deletion
  5. Prevent Last Admin Deletion: Implement checks to prevent deletion of the last admin account

Alternative: Account Deactivation

Consider implementing an account deactivation endpoint instead of deletion:
  • Preserves audit history
  • Allows account reactivation if needed
  • Maintains data integrity
  • Safer for production systems
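The guards called for in the Security Considerations, Important Notes and Best Practices sections above, as an added Python example that is not part of this API's own code base: the Admin, Principal, AdminStore and delete_admin names are assumptions, the response codes 401, 403 and 409 are assumed for the authentication, authorization and last-admin checks (the page itself only documents 200, 400 and 404), and the store is an in-memory stand-in for the real service layer.

```python
import uuid
from dataclasses import dataclass, field

# Hypothetical in-memory model, constructed for this example; a real service
# would back it with a database and derive the Principal from the session.
@dataclass
class Admin:
    id: str
    active: bool = True  # soft delete clears this instead of removing the row

@dataclass
class Principal:
    id: str
    role: str  # "admin" or "super_admin"

@dataclass
class AdminStore:
    admins: dict = field(default_factory=dict)   # id -> Admin
    audit_log: list = field(default_factory=list)

def delete_admin(store, path_id, caller, now="2024-01-01T00:00:00Z"):
    """Handle DELETE /admin/{id}; returns (status_code, body). Every attempt
    is written to the audit log whatever its outcome, so rejected requests
    are recorded with caller, target and timestamp too."""
    def finish(status, body):
        who = caller.id if caller else "anonymous"
        store.audit_log.append({"when": now, "by": who,
                                "target": path_id, "status": status})
        return status, body

    try:  # 400: reject a malformed id before touching any state
        target_id = str(uuid.UUID(path_id))
    except ValueError:
        return finish(400, "error: id is not a valid UUID")
    if caller is None:  # 401: the endpoint is never reachable anonymously
        return finish(401, "error: authentication required")
    if caller.role != "super_admin":  # 403: only super-admins delete admins
        return finish(403, "error: super-admin privileges required")
    if caller.id == target_id:  # 403: no self-deletion
        return finish(403, "error: self-deletion is not allowed")
    target = store.admins.get(target_id)
    if target is None or not target.active:  # 404: unknown or already deleted
        return finish(404, "error: admin not found")
    # 409: keep at least one active admin (matters when the caller is a
    # break-glass principal that is not itself a row in the admins table)
    if sum(a.active for a in store.admins.values()) <= 1:
        return finish(409, "error: cannot delete the last active admin")
    target.active = False  # soft delete: row stays for audit history
    return finish(200, "Admin deletado com sucesso.")
```

The audit log grows by one entry per call regardless of outcome, which is the property to check when wiring this into a real handler.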
