---
title: Delete a passport permanently
description: Permanently delete an unpublished passport (status draft or in_review). Cascades extractions, agent sessions, supplier links, and R2 files. Paid plans only.
canonical: "https://www.tracepass.eu/docs/delete-passport"
locale: en
source: "https://www.tracepass.eu/docs/delete-passport"
---

# Delete a passport permanently

> Permanently delete an unpublished passport (status draft or in_review). Cascades extractions, agent sessions, supplier links, and R2 files. Paid plans only.

```http
DELETE /api/v1/passports/{id}
```

**Permanent and irreversible** — the passport row plus every cascaded dependent is removed from the database. Cascade includes AI extractions, agent-session state, supplier requests linked to this passport alone, scan + service events, and any uploaded documents whose only reference was this passport (documents shared across other passports/products stay). R2 storage under the passport's folder is swept too.

**Only never-published passports are eligible.** A passport with status `draft` or `in_review` and `publishedAt: null` can be deleted; everything else returns `409 Conflict` with a `reason` field naming the policy. This is deliberate: the compliance moat protecting printed QRs in the wild is preserved — a passport that has ever resolved publicly cannot be quietly destroyed.

**Paid-plan feature.** The endpoint returns `403 Forbidden` with `reason` on Free plans; use `POST /api/v1/passports/{id}/archive` instead — archive keeps the row in your audit trail and works on every plan.

Counts as one v1 write. Honours `Idempotency-Key`. No webhook fires (the audit `billingEvents` entry is the trail).

## Parameters

| Name | In | Type | Required | Description |
| --- | --- | --- | --- | --- |
| `Authorization` | header | string | yes | `Bearer <token>` — either a `tp_` API key (Developer → API Keys; simplest, for server-to-server) or an OAuth 2.0 access token (Developer → OAuth Apps; for user-authorized apps, scoped + revocable). The Authentication page has the full OAuth flow and scope list. |
| `Idempotency-Key` | header | string | no | UUID v4. |
| `id` | path | ObjectId | yes | Passport ID. |

## Examples

```bash
curl -sS -X DELETE \
  https://app.tracepass.eu/api/v1/passports/6650b2c3d4e5f6a7b8c9d0e1 \
  -H "Authorization: Bearer tp_REDACTED_xxxxxxxxxxxx"
```

```typescript
const res = await fetch(
  `https://app.tracepass.eu/api/v1/passports/${id}`,
  {
    method: "DELETE",
    headers: { Authorization: `Bearer ${process.env.TRACEPASS_API_KEY}` },
  },
);
if (res.status === 409) {
  // not eligible — read `reason` from the body
  const { reason } = await res.json();
  console.warn("Cannot delete:", reason);
}
```

```python
import os, requests
res = requests.delete(
    f"https://app.tracepass.eu/api/v1/passports/{passport_id}",
    headers={"Authorization": f"Bearer {os.environ['TRACEPASS_API_KEY']}"},
)
if res.status_code == 409:
    print("Not eligible:", res.json().get("reason"))
else:
    res.raise_for_status()
```

## Responses

### 200 — Deleted

```json
{
  "message": "Passport permanently deleted",
  "summary": {
    "passportId": "6650b2c3d4e5f6a7b8c9d0e1",
    "serialNumber": "SN-001",
    "gtin": "09506000134369",
    "deletedCounts": {
      "extractions": 3,
      "agentSessions": 1,
      "serviceEvents": 0,
      "scanEvents": 0,
      "ownershipTransfers": 0,
      "supplierRequestRefsRemoved": 0,
      "supplierRequestsDeleted": 0,
      "epcisEventRefsRemoved": 0,
      "epcisEventsDeleted": 0,
      "documentRefsRemoved": 1,
      "documentsDeleted": 1,
      "r2ObjectsDeleted": 4,
      "documentR2ObjectsDeleted": 1
    },
    "dppsActiveDelta": -1
  }
}
```

### 403 — Plan gate

```json
{
  "error": "Permanent delete is not available on your plan",
  "reason": "Hard-delete is a paid-plan feature. Use POST /api/v1/passports/{id}/archive instead."
}
```

### 409 — Not eligible

```json
{
  "error": "Passport is not eligible for permanent deletion",
  "reason": "This passport has been published. Archive it instead — the QR remains traceable for audit."
}
```

### 404 — Not found

```json
{ "error": "Passport not found" }
```

## Related

- [Archive a passport (audit-safe alternative)](https://www.tracepass.eu/docs/archive-passport.md)
- [Suspend a passport](https://www.tracepass.eu/docs/suspend-passport.md)
