Description

This issue aims to verify and document the internal behavior and consequences of the "Delete Account" feature in Meshery. While the user-facing functionality is straightforward, the system-level implications and edge cases need to be confirmed and clearly documented in docs.layer5.

Investigation Checklist

User Data

• Are the user’s Designs permanently deleted?
  • Does this include both Draft and Published versions?
• Can other users still access content previously published by this user (e.g., Catalog Items)?
  • Is the author shown as "Unknown" or is the item hidden/deleted?
• Are user-specific settings (preferences, locale, notifications) cleared?
• Team-related impact:
• Is the user’s team membership immediately revoked?
• If the user was the creator of a team, is the team deleted or reassigned?
• If the user was the only admin, what happens to the team?

Authentication & Account Linking

• After account deletion, what happens when the same email is used to sign up again?
• Does it result in an error?
• Is reactivation triggered?
• Can previous data be restored?
• What happens to linked GitHub/Google accounts?
• Are the linked OAuth accounts automatically unlinked?
• Can the same GitHub/Google account be used again to register a new account?

Logs & Residual Data

• Are activity logs or audit trails anonymized or deleted?
• Are collaborative records (comments, analysis, logs) retained?
• Are they relabeled as "Deleted User" or similar?
• Is there any grace period (e.g., 30 days) to recover deleted accounts?

User Experience

• Is there a confirmation prompt before deletion?
  • Does it require a typed confirmation (e.g., entering “DELETE”)?
• After deletion, is the user logged out and redirected to login/homepage?
• Is there a data export option before account deletion?

API & Permission Handling

• Which API endpoint handles account deletion? (e.g., DELETE /api/user)
• Does the endpoint require authentication/authorization?
• What are the possible response codes (200, 204, 403, etc.)?
• Who can perform deletion?
  • Only the user themselves?
  • Can admins delete accounts?

Optional Technical Checks

• Is the delete action logged in internal audit logs?
• Is there a support-based/manual process for deletion (beyond self-service)?

Outcome

The confirmed behaviors and constraints will be documented under the “Delete Account” section in the Account Management category on docs.layer5.io.