Bulk Data Purge (Multi Tenant)

This topic is for the multi-tenant environment (MTE) version of Bulk Data Purge. If your implementation is a single-tenant environment (STE), see the topics in Bulk Data Purge (Single Tenant).

You can use the FHIR API Bulk Data Purge endpoint to delete resources for a specific FHIR version (R4, STU3, or DSTU2). You can delete resources for a single 1up user ID for your client ID. When you delete resources, you can choose to delete all resources, or you can specify a parameter to delete only specific resources. When you delete a resource, the version history is also deleted.

The Purge operation deletes FHIR resources for the 1up user that you specify. We recommend that you use the Purge operation with extreme caution. After the Purge operation is initiated, the delete process cannot be undone and data cannot be recovered.

You can access this endpoint using either a Bearer token or header-based authentication.

The client ID and client secret you use in the request defined below must have created the 1up user ID that you are attempting to purge data from. You can't purge the data for a 1up user that you didn't create using your own application (client ID and client secret).

If you don’t specify any parameters when you submit your request (_type or _before), this endpoint deletes all of the FHIR resources (all types) for the 1up user for the FHIR version (R4, STU3, or DSTU2) that you specify in your request.

If you include the _type parameter in your request, only the specified resources by resource type are purged.
If you include the _before parameter in your request, and the meta.lastUpdated date of any resource is less than the date passed into the _before filter, then those specific resources are purged. For example, if the date 2022-05-10 is passed into the _before filter, all resources with a meta.lastUpdated date before but not equal to 2022-05-10 are purged.

Purge does not delete the 1up user. After the Purge operation finishes, the user continues to exist, but without the FHIR resources you deleted.

Known Limitation

The Purge operation cannot delete all of the resources for a user ID with a large volume of resources (for example, 400K patients or more). Purge operation requests for users with large resource counts fail because the synchronous request can only run for 30 seconds before it times out.

When a timeout occurs, resources are deleted before the request timed out. This means that you can run the same Purge operation several times consecutively, until all of the resources that you want to purge are deleted.

Purge Resources with Bearer Token Authentication

You can use Bearer token authentication when you submit your Purge operation request.

For more information about how to get an access token for Bearer token authentication, see Authentication & Authorization APIs.

Purge endpoint — Bearer token

DELETE https://api.1up.health/{fhirVersion}/purge

Delete all resources for the specified FHIR version for a single 1up user ID.

Parameters

Query

Query
_type		Specify the FHIR resource types to purge. Separate multiple resource types with commas. Example — `_type=Patient,Observation` If you don’t specify `_type` or `_before`, all resources are deleted for the FHIR version and 1up user ID that you specified.
_mode		When you submit a Purge request, you can set the `_mode=dryrun` query parameter to run purge without deleting, and get the number of resources that the Purge operation will delete.
_before		Specify which FHIR resources to purge by including `meta.lastUpdated` in the resource. Use the `_before` filter to purge all resources with a `meta.lastUpdated` value older than the passed-in date. For example, `_before=2022-01-01` purges all resources with `meta.lastUpdated` older than Jan. 1, 2022. This filter works with the `_type` resource filter. If you don’t specify the `_before` or `_type` parameters, the Purge endpoint deletes all resources for a specific FHIR version and a single 1up user ID.

_type

Specify the FHIR resource types to purge. Separate multiple resource types with commas.

Example — _type=Patient,Observation

If you don’t specify _type or _before, all resources are deleted for the FHIR version and 1up user ID that you specified.

_mode

When you submit a Purge request, you can set the _mode=dryrun query parameter to run purge without deleting, and get the number of resources that the Purge operation will delete.

_before

Specify which FHIR resources to purge by including meta.lastUpdated in the resource.

Use the _before filter to purge all resources with a meta.lastUpdated value older than the passed-in date.

For example, _before=2022-01-01 purges all resources with meta.lastUpdated older than Jan. 1, 2022. This filter works with the _type resource filter.

If you don’t specify the _before or _type parameters, the Purge endpoint deletes all resources for a specific FHIR version and a single 1up user ID.

Header
Bearer*	Token

Responses

200: OK

Successful Purge

1
2
3
4
5
6
7
8
9
10
11
12
13
{
    "resourceType": "OperationOutcome",
    "id": "xxxxx",
    "issue": [
        {
            "severity": "information",
            "code": "deleted",
            "details": {
                "text": "purged user data"
            }
        }
    ]
}

Example Purge request for Bearer token authentication

1
2
curl --location --request DELETE 'https://api.1up.health/r4/purge' \
--header 'Authorization: Bearer zzzz'

Purge Resources with Header Authentication

You can use the oneup_user_id when you submit your Purge operation request. With this option, you can include the user ID of the user you want to delete resources for in your request header.

For more information about how to get the oneup_user_id for an app_user_id for header authentication, see User Management APIs.

Purge endpoint — Header authentication