Delete a customer
DELETE /customers/{id} - Soft-delete a partner-scoped customer (identity) record, idempotently.
0Gate is the primary public integration path for hosted payment, ramp, and swap experiences. Keep secret-key operations on your server and hand only browser-safe values to the widget.
Soft-delete a customer (identity) record. The record is marked deleted and stops appearing in reads, but its email and external_id stay reserved for your account. The call is idempotent — deleting an already-deleted customer returns the same shape.
Endpoint
| Field | Value |
|---|---|
| Method | DELETE |
| Path | /v1/customers/{id} |
| Area | Customers |
| Operation id | deleteCustomer |
| Auth boundary | Secret key from your server. |
The {id} path parameter is a customer id scoped to your account. A customer that belongs to another partner returns 404 — cross-tenant access is never 403.
Use it for
Remove a customer from your active list. After a delete, GET /v1/customers/{id} returns 404 and the record is excluded from GET /v1/customers.
Production rules
- Keep secret keys on your server. This endpoint requires an
sk_*key. - The delete is a soft-delete: the row is retained server-side and its
email/external_idremain reserved, so you cannot immediately re-create a customer with the sameemailorexternal_id(that returns409). - The call is idempotent — a repeat delete returns the same
deletedmarker, so retries are safe. - Wrap the path id in your code — the
{id}placeholder is a literal customer id at call time. - Treat examples and placeholder ids as fake data only.
Path parameters
| Field | Required | Type | Use it for |
|---|---|---|---|
id | Yes | string | The 0Bit customer id. |
Response
Returns 200 with a compact deleted marker — not the full customer object.
| Field | Type | Use it for |
|---|---|---|
id | string | The deleted customer's 0Bit id. |
object | string | Always customer. |
deleted | boolean | Always true. |
deleted_at | string | null | RFC 3339 time the customer was soft-deleted. |
Examples
curl -X DELETE https://gate-api.0bit.app/v1/customers/67a1f3b9e4b0c10001234567 \
-H "Authorization: Bearer sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"{
"id": "67a1f3b9e4b0c10001234567",
"object": "customer",
"deleted": true,
"deleted_at": "2026-01-03T00:00:00Z"
}A repeat DELETE for the same id returns the same marker — the call is idempotent.
Errors
All errors use the unified envelope and carry an X-Request-Id response header. Branch on code/type/statusCode, not on the free-form message.
{
"type": "not_found",
"code": "not_found",
"message": "Customer 67a1f3b9e4b0c10001234567 not found",
"request_id": "req_test_000000000123",
"doc_url": null,
"statusCode": 404
}| Status | type | When it happens |
|---|---|---|
401 | unauthorized | Missing or invalid secret key. |
404 | not_found | No such customer, or it belongs to another partner. Cross-tenant access is 404, never 403. |
429 | rate_limited | Request throttled. Back off and retry. |
5xx | server_error | Transient server or upstream failure. Retry with bounded backoff. |
Public boundary
This reference covers partner-scoped endpoint behavior, authentication, idempotency, webhook verification, and support-safe records. Internal operations, administrative routes, and unsupported availability claims are outside the public API contract.