---
title: Delete a product permanently
description: Permanently delete a product with zero passports (any status). Unlinks shared documents, deletes orphan docs + R2 files. Paid plans only. Irreversible.
canonical: "https://www.tracepass.eu/docs/delete-product"
locale: en
source: "https://www.tracepass.eu/docs/delete-product"
---

# Delete a product permanently

> Permanently delete a product with zero passports (any status). Unlinks shared documents, deletes orphan docs + R2 files. Paid plans only. Irreversible.

```http
DELETE /api/v1/products/{id}
```

**Permanent and irreversible.** Removes the product row + any uploaded documents whose only reference was this product (documents linked to other products/passports stay, just with `productId` unset). R2 storage under `<companyId>/products/<productId>/` is swept.

**Only products with ZERO passports of any status are eligible** — including archived. Returns `409 Conflict` with the live passport count in `reason` when ineligible. The rule preserves audit history: an archived passport carries the regulatory story ("we published this, then withdrew it") that would be orphaned if the parent product disappeared.

**Paid-plan feature.** Returns `403 Forbidden` on Free plans; use `POST /api/v1/products/{id}/archive` instead — archive keeps the row for audit and works on every plan.

Counts as one v1 write. Honours `Idempotency-Key`. No webhook (the `billingEvents` audit entry is the trail).

## Parameters

| Name | In | Type | Required | Description |
| --- | --- | --- | --- | --- |
| `Authorization` | header | string | yes | `Bearer <token>` — either a `tp_` API key (Developer → API Keys; simplest, for server-to-server) or an OAuth 2.0 access token (Developer → OAuth Apps; for user-authorized apps, scoped + revocable). The Authentication page has the full OAuth flow and scope list. |
| `Idempotency-Key` | header | string | no | UUID v4. |
| `id` | path | ObjectId | yes | Product ID. |

## Examples

```bash
curl -sS -X DELETE \
  https://app.tracepass.eu/api/v1/products/6650b2c3d4e5f6a7b8c9d0e1 \
  -H "Authorization: Bearer tp_REDACTED_xxxxxxxxxxxx"
```

```typescript
const res = await fetch(
  `https://app.tracepass.eu/api/v1/products/${id}`,
  {
    method: "DELETE",
    headers: { Authorization: `Bearer ${process.env.TRACEPASS_API_KEY}` },
  },
);
if (res.status === 409) {
  const { reason } = await res.json();
  console.warn("Cannot delete:", reason);
}
```

```python
import os, requests
res = requests.delete(
    f"https://app.tracepass.eu/api/v1/products/{product_id}",
    headers={"Authorization": f"Bearer {os.environ['TRACEPASS_API_KEY']}"},
)
if res.status_code == 409:
    print("Not eligible:", res.json().get("reason"))
else:
    res.raise_for_status()
```

## Responses

### 200 — Deleted

```json
{
  "message": "Product permanently deleted",
  "summary": {
    "productId": "6650b2c3d4e5f6a7b8c9d0e1",
    "name": "Demo product",
    "deletedCounts": {
      "documentRefsUnlinked": 2,
      "documentsDeleted": 1,
      "r2ObjectsDeleted": 3,
      "documentR2ObjectsDeleted": 1
    }
  }
}
```

### 403 — Plan gate

```json
{
  "error": "Permanent delete is not available on your plan",
  "reason": "Hard-delete is a paid-plan feature. Use POST /api/v1/products/{id}/archive instead."
}
```

### 409 — Not eligible

```json
{
  "error": "Product is not eligible for permanent deletion",
  "reason": "This product has 3 passports. Delete or archive every passport first."
}
```

### 404 — Not found

```json
{ "error": "Product not found" }
```

## Related

- [Archive a product](https://www.tracepass.eu/docs/archive-product.md)
