Closed j-ochs closed 4 years ago
@j-ochs Hey, thanks for raising this! You can already do this using a personal API key: https://posthog.com/docs/api/api#authentication. You can then pass that token to the api/person endpoint.
It'd be good to have this more tightly integrated into the various libraries, but this solution should work for now!
@timgl thanks for the quick response! Glad to hear this is already possible. I've followed the directions in the docs for getting an API key, and based on the example from the docs I tried a simple curl request like so:
curl -X DELETE --header "Authorization: Bearer <API_KEY>" https://<posthog_base_url>/api/person/<unique_person_id>
However, with this request I get the following response:
Making the request with http instead of https will return a 301 Moved Permanently response.
I'm a bit unsure what I'm missing here - any advice is greatly appreciated!
You need the trailing slash / at the end of the url I think!
Yep, sorry for that, we just fixed this annoyance! (#1557)
Aha, thanks! Getting closer 🙂
With the trailing slash on that request, I'm now getting this response: {"detail":"Authentication credentials were not provided."}
The Authorization header should be sufficient for authentication, yes?
Yes, are you using a personal api key or are you using the write-only key?
Ah that's the issue, I've been using the write-only key. 🤦 Closing this out now - thanks for all the help! Much appreciated
Is your feature request related to a problem? Please describe.
In order to comply with GDPR, I would like the ability to irreversibly delete all the data on an individual person 30 days after they have closed their account. I have a Rails server on the backend, and a React frontend which is connected to my PostHog instance.
Describe the solution you'd like
The easiest solution for my case would be an HTTP endpoint which can securely execute DELETE requests for an individual person. Alternatively, exposing this functionality from within the PostHog ruby integration could suffice.
Either way, the PostHog User's unique ID and the unique PostHog API key for this PostHog instance will easily be available from the Rails backend by being passed through in a request from the React frontend.
Describe alternatives you've considered
There already exists a JavaScript API which handles this use case: https://github.com/PostHog/posthog/blob/411648a371372d7118006f76a0e37f633f561556/frontend/src/lib/api.js#L77-L95
This is hooked in to the "Delete all data on this person" button in the PostHog frontend: https://github.com/PostHog/posthog/blob/411648a371372d7118006f76a0e37f633f561556/frontend/src/lib/utils.js#L236-L242
However, this will not work for my use case since the request needs to be initiated from the Rails backend, and the backend will not have access to the valid CSRF token cookie necessary for the request to resolve.
Thanks for reading! Please advise
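The request this thread converges on, written for a Ruby backend as an added example (not code from the PostHog project or from any participant): a DELETE to api/person/<id>/ with a personal API key as Bearer token, the trailing slash, and https enforced so the token is never sent in cleartext ahead of the 301. The host name, the `POSTHOG_PERSONAL_API_KEY` variable name, the id pattern and the returned symbols are assumptions made for the example.

```ruby
require "net/http"
require "uri"
require "json"

# Build the DELETE request for one person without sending it.
def build_person_delete(base_url, person_id, personal_api_key)
  id = person_id.to_s
  # Assumed id shape; rejecting anything else keeps "/" or ".." out of the path.
  raise ArgumentError, "unexpected person id" unless id.match?(/\A[\w-]+\z/)
  raise ArgumentError, "personal API key is missing" if personal_api_key.to_s.empty?

  # Normalise the base URL, then append the path WITH its trailing slash.
  uri = URI.join(base_url.sub(%r{/*\z}, "/"), "api/person/#{id}/")
  # Over plain http the Authorization header would cross the network
  # unencrypted before the 301 redirect to https is ever received.
  raise ArgumentError, "base URL must be https" unless uri.is_a?(URI::HTTPS)

  req = Net::HTTP::Delete.new(uri)
  req["Authorization"] = "Bearer #{personal_api_key}"
  req
end

# Map the responses reported in the thread to their cause.
def diagnose(status, body = "")
  detail = (JSON.parse(body)["detail"] rescue nil).to_s
  return :use_personal_api_key if detail.include?("credentials were not provided")

  case status.to_i
  when 200..299 then :deleted
  when 301 then :use_https
  else :unexpected
  end
end

# Send the request; the key is read from the server's environment and is
# never passed through from the browser.
def delete_person(base_url, person_id, key = ENV["POSTHOG_PERSONAL_API_KEY"])
  req = build_person_delete(base_url, person_id, key)
  res = Net::HTTP.start(req.uri.host, req.uri.port, use_ssl: true) { |h| h.request(req) }
  diagnose(res.code, res.body.to_s)
end
```

The write-only project key that ships in the frontend gets the "credentials were not provided" response here, so the personal key has to stay in the backend's secret store.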