Initiates an account-deletion request by emailing a confirm/cancel link.
POST/gdpr/account/delete
Stamps the request, generates a confirmation token, and emails the user. Idempotent — re-requesting before confirmation resets the token. After confirmation use the cancel endpoint.
Responses
- 200
- 401
- 403
OK
Unauthorized - missing or invalid credentials.
Forbidden - authenticated but missing required role or policy.