Identity Records

Anonymise an Identity Record

Anonymises an Identity Record in response to a GDPR Art. 17 erasure request. The record is retained in a tombstoned state for audit continuity — the ir key remains valid and the linked AccessRecord continues to reference it — but all PII fields (pii-principal, email, credentials, and principal-verification) are permanently destroyed.

Pre-condition: All AccessRecords linked to this Identity Record must be in REVOKED or EXPIRED state. Attempting to anonymise an Identity Record linked to an ACTIVE access record returns 409.

This operation is irreversible.

DELETE

identity-records

{ir}

Anonymise an Identity Record

curl --request DELETE \
  --url https://api.central.consent/v1/identity-records/{ir} \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/identity-records/ir_a3c5e7f9b1d3a3c5e7f9b1d3",
    "timestamp": "2026-03-24T10:00:00Z",
    "transaction-id": "tid_abc123def456abc123def456"
  },
  "ir": "ir_a3c5e7f9b1d3a3c5e7f9b1d3",
  "anonymised-at": "2026-03-24T10:00:00Z"
}

Authorizations

Authorization

string

header

required

JWT from GET /auth/token. Pass as Authorization: Bearer <token>. Expires after 7200s.

Path Parameters

string

required

The identity record key to anonymise. Unique opaque identifier for an Identity Record, issued by the register on creation. Referenced from record-metadata.identity-record-ref on an AccessRecord to link the two resources.

Pattern: ^ir_[0-9a-f]{24}$

Example:

"ir_a3c5e7f9b1d3a3c5e7f9b1d3"

Response

Identity record anonymised. All PII permanently destroyed.

response

object

required

Show child attributes

string

required

Unique opaque identifier for an Identity Record, issued by the register on creation. Referenced from record-metadata.identity-record-ref on an AccessRecord to link the two resources.

Pattern: ^ir_[0-9a-f]{24}$

Example:

"ir_a3c5e7f9b1d3a3c5e7f9b1d3"

anonymised-at

string<date-time>

required

UTC timestamp of anonymisation.

Example:

"2026-03-24T10:00:00Z"

Last modified on March 25, 2026

Remove a Passkey CredentialRemoves a registered passkey credential from an Identity Record. The credential can no longer be used for passkey assertion after removal. If no credentials remain on the record after removal, passkey-based re-identification is no longer available for this Identity Record. Magic-link re-identification remains available if an email address is registered.

Anonymise an Identity Record

curl --request DELETE \
  --url https://api.central.consent/v1/identity-records/{ir} \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/identity-records/ir_a3c5e7f9b1d3a3c5e7f9b1d3",
    "timestamp": "2026-03-24T10:00:00Z",
    "transaction-id": "tid_abc123def456abc123def456"
  },
  "ir": "ir_a3c5e7f9b1d3a3c5e7f9b1d3",
  "anonymised-at": "2026-03-24T10:00:00Z"
}

Documents

Identity Records

Re-identification

Authentication

Data Users

Data Providers

DCC

Webhooks

Anonymise an Identity Record

Authorizations

Path Parameters

Response