> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vouchersx.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Anonymise a partner user

> Soft-deletes the user: clears email/displayName/phone/countryCode/locale and stamps `anonymizedAt`. The redemption and claim history is **preserved** for audit and reporting. A subsequent `POST /integrations/users` with the same `externalUserId` revives the row and re-populates the PII. Use this to satisfy partner-side deletion / GDPR-style requests without losing transaction history.



## OpenAPI

````yaml /openapi.json delete /integrations/users/{externalUserId}
openapi: 3.1.0
info:
  title: Voucher Platform — Partner Integration API
  version: 1.0.0
  description: >-
    Server-to-server and consumer endpoints used by partner apps to provision
    users, embed the voucher webview, and receive lifecycle webhooks. See the
    [partner integration guide](/docs) for the full narrative including JWT
    setup, HMAC signing, and a worked end-to-end example.
servers:
  - url: http://localhost:4000
    description: Local development
security: []
tags:
  - name: Integrations
    description: >-
      Server-to-server endpoints called from the partner backend. Authenticated
      with an HMAC signature.
  - name: Consumer
    description: >-
      Called from inside the partner-issued webview (or partner-native UI) on
      behalf of an end user. Authenticated with a partner-signed JWT.
paths:
  /integrations/users/{externalUserId}:
    delete:
      tags:
        - Integrations
      summary: Anonymise a partner user
      description: >-
        Soft-deletes the user: clears email/displayName/phone/countryCode/locale
        and stamps `anonymizedAt`. The redemption and claim history is
        **preserved** for audit and reporting. A subsequent `POST
        /integrations/users` with the same `externalUserId` revives the row and
        re-populates the PII. Use this to satisfy partner-side deletion /
        GDPR-style requests without losing transaction history.
      parameters:
        - schema:
            type: string
            minLength: 1
            maxLength: 255
          in: path
          name: externalUserId
          required: true
          description: The same identifier you used at upsert time.
        - schema:
            type: string
          in: header
          name: x-partner-slug
          required: true
      responses:
        '204':
          description: Anonymised. No body.
        '401':
          description: HMAC auth failed (see `POST /integrations/users` for codes).
          content:
            application/json:
              schema:
                description: HMAC auth failed (see `POST /integrations/users` for codes).
                type: object
                additionalProperties: true
                properties:
                  error:
                    type: string
        '403':
          description: Partner is disabled.
          content:
            application/json:
              schema:
                description: Partner is disabled.
                type: object
                additionalProperties: true
                properties:
                  error:
                    type: string
                    example: partner_disabled
        '404':
          description: >-
            No user found for `(partner, externalUserId)`. Already anonymised
            users return 404 too.
          content:
            application/json:
              schema:
                description: >-
                  No user found for `(partner, externalUserId)`. Already
                  anonymised users return 404 too.
                type: object
                additionalProperties: true
                properties:
                  error:
                    type: string
                    example: user_not_found
      security:
        - PartnerHmac: []
components:
  securitySchemes:
    PartnerHmac:
      type: apiKey
      in: header
      name: x-signature
      description: >-
        Stripe-style HMAC signature over `${timestamp}.${rawBody}` using your
        partner secret. Format: `t=<unix-seconds>,v1=<hex-hmac-sha256>`. Also
        requires the `x-partner-slug` header to identify your account.

````