user_id and agent_id pair in a single call. This is the right endpoint for GDPR right-to-erasure requests, account deletions, and full agent resets. The confirm=true parameter is required — it must be explicitly set to prevent accidental wipes from misconfigured clients.
Request
Headers
| Name | Required | Description |
|---|---|---|
X-API-Key | Yes | Your MemLayer API key (ml_live_xxx) |
Query Parameters
Delete all memories belonging to this user.
Delete all memories associated with this agent. Memories for the same
user_id under a different agent_id are unaffected.Must be
true. The request is rejected with HTTP 400 if confirm is false or omitted. This safeguard prevents accidental bulk deletions.Response
Success — 200
Total number of memories permanently removed.
0 if the user-agent pair had no memories stored.Human-readable summary including the count of deleted memories.
Errors
| Code | Meaning |
|---|---|
400 | confirm was false or not provided — nothing was deleted |
401 | Invalid or missing X-API-Key |
403 | Account suspended |
422 | Validation error — check parameter types |
Notes
Scope is limited to one user-agent pair
Scope is limited to one user-agent pair
This endpoint only deletes memories for the exact
user_id + agent_id combination you provide. If the same user has memories across multiple agents (e.g. support_bot and sales_agent), each pair must be wiped separately. Memories from other users are never affected.GDPR right-to-erasure workflow
GDPR right-to-erasure workflow
When a user requests deletion of their data, iterate over all agent IDs associated with that user and call this endpoint for each:
Safer alternative — delete selectively
Safer alternative — delete selectively
If you want more control, use GET /memories to inspect what will be deleted, then call DELETE /memories/ for each memory individually. This is slower but lets you keep specific memories if needed.