> ## Documentation Index
> Fetch the complete documentation index at: https://docs.closient.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete organization

> Schedule an organization for deletion (owner role required). This is a reversible 90-day tombstone: the catalog is unclaimed (brands, locations, and products survive as crowd-sourced), the Stripe subscription is cancelled at period end, and API keys are revoked immediately. Regulated traceability records are retained. The org can be restored within the grace window, after which its org-only data is purged. Returns 204 No Content on success.

When the organization has `require_reauth_to_delete` enabled (the default), a *browser-session* caller must have re-authenticated at their identity provider within the freshness window or the request is rejected with 403 — a stolen session cookie alone cannot delete. API-key callers authenticate with a separate credential and are not subject to this gate.



## OpenAPI

````yaml /openapi/openapi-account.json delete /account/api/v1/organizations/{id}
openapi: 3.1.0
info:
  title: Account API
  version: 1.0.0
  description: >
    Authenticate and manage users, organizations, and API keys.


    ## Authentication


    All endpoints require an API key passed via the `X-API-Key` HTTP header,
    unless otherwise noted.


    ```

    X-API-Key: csb_<body>_<checksum>

    ```


    Generate API keys in **Settings > API Keys** in your dashboard, or via the
    Account API.

    Session-based (cookie) authentication is also accepted for browser-based
    access.


    ## Rate Limits


    | Tier        | Requests / minute | Requests / day |

    |-------------|-------------------|----------------|

    | Default     | 300               | 10,000         |

    | Custom      | Contact us        | Contact us     |


    Rate-limit headers are included on every response so callers can
    self-throttle without

    hitting our 429s ("informed governor"):


    - `RateLimit-Policy` — every active window, e.g. `300;w=60, 10000;w=86400`

    - `RateLimit-Limit` — quota for the **most-restrictive** currently-active
    window

    - `RateLimit-Remaining` — requests left in that window

    - `RateLimit-Reset` — seconds until that window resets (relative; clock-skew
    safe)


    Legacy `X-RateLimit-*` aliases are also emitted for back-compat.
    `X-RateLimit-Reset`

    keeps the absolute Unix-timestamp shape to avoid breaking existing
    consumers.


    When rate-limited, you receive `429 Too Many Requests` with a
    `retry_after_seconds` field

    in the error envelope and a `Retry-After` header.


    ## Pagination


    List endpoints return paginated results in this envelope:


    ```json

    {
      "data": [...],
      "pagination": {
        "page": 1,
        "page_size": 25,
        "total_count": 342,
        "total_pages": 14,
        "has_next": true,
        "has_previous": false
      }
    }

    ```


    Use `?page=2&page_size=50` query parameters. Maximum page size is 100.


    ## Error Responses


    All errors conform to [RFC 9457 Problem
    Details](https://www.rfc-editor.org/rfc/rfc9457)

    with `Content-Type: application/problem+json`:


    ```json

    {
      "type": "https://closient.com/docs/errors/not_found",
      "title": "Not Found",
      "status": 404,
      "detail": "The requested resource was not found.",
      "error_code": "not_found",
      "retryable": false,
      "timestamp": "2026-03-31T12:00:00+00:00"
    }

    ```


    Common error codes: `unauthorized` (401), `forbidden` (403), `not_found`
    (404),

    `validation_error` (422), `rate_limited` (429), `internal_error` (500).
  termsOfService: https://www.closient.com/terms/
servers:
  - url: https://www.closient.com
security: []
tags:
  - name: Account
    description: Authenticate and introspect the current user and API key.
  - name: Organizations
    description: Create and manage organizations (businesses).
  - name: Members
    description: Invite, update, and remove organization members.
  - name: API Keys
    description: Create, list, and revoke API keys.
  - name: Preferences
    description: >-
      Read the authenticated user's stored trait preferences (allergens, dietary
      stances, certifications). Writes happen through the dashboard's HTMX form,
      not this API.
externalDocs:
  description: Closient Documentation
  url: https://docs.closient.com
paths:
  /account/api/v1/organizations/{id}:
    delete:
      tags:
        - Organizations
      summary: Delete organization
      description: >-
        Schedule an organization for deletion (owner role required). This is a
        reversible 90-day tombstone: the catalog is unclaimed (brands,
        locations, and products survive as crowd-sourced), the Stripe
        subscription is cancelled at period end, and API keys are revoked
        immediately. Regulated traceability records are retained. The org can be
        restored within the grace window, after which its org-only data is
        purged. Returns 204 No Content on success.


        When the organization has `require_reauth_to_delete` enabled (the
        default), a *browser-session* caller must have re-authenticated at their
        identity provider within the freshness window or the request is rejected
        with 403 — a stolen session cookie alone cannot delete. API-key callers
        authenticate with a separate credential and are not subject to this
        gate.
      operationId: apps_accounts_api_business_delete_organization
      parameters:
        - in: path
          name: id
          schema:
            description: UUID of the organization.
            format: shortuuid
            maxLength: 22
            minLength: 22
            pattern: ^[23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{22}$
            title: Id
            type: string
          required: true
          description: UUID of the organization.
      responses:
        '204':
          description: No Content
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
      security:
        - APIKeyHeaderAuth: []
        - OAuthTokenAuth: []
        - SessionAuth: []
components:
  schemas:
    ErrorOut:
      description: |-
        RFC 9457 Problem Details response.

        All API errors are returned in this format with Content-Type:
        application/problem+json.
      examples:
        - detail: The requested resource was not found.
          error_code: not_found
          retryable: false
          status: 404
          timestamp: '2026-03-31T12:00:00+00:00'
          title: Not Found
          type: https://closient.com/docs/errors/not_found
        - detail: Validation error.
          details:
            - loc:
                - body
                - name
              msg: Field required
              type: missing
          error_code: validation_error
          retryable: false
          status: 422
          timestamp: '2026-03-31T12:00:00+00:00'
          title: Validation Error
          type: https://closient.com/docs/errors/validation_error
        - detail: Rate limit exceeded. Please try again later.
          error_code: rate_limited
          retry_after: 31
          retryable: true
          status: 429
          timestamp: '2026-03-31T12:00:00+00:00'
          title: Rate Limited
          type: https://closient.com/docs/errors/rate_limited
      properties:
        type:
          description: URI reference identifying the error type.
          title: Type
          type: string
        title:
          description: Short human-readable summary of the error.
          title: Title
          type: string
        status:
          description: HTTP status code.
          title: Status
          type: integer
        detail:
          description: Human-readable explanation of this specific occurrence.
          title: Detail
          type: string
        error_code:
          description: Machine-readable error code (e.g. not_found, unauthorized).
          title: Error Code
          type: string
        retryable:
          default: false
          description: Whether retrying the same request can succeed.
          title: Retryable
          type: boolean
        timestamp:
          description: ISO 8601 timestamp of when the error occurred.
          title: Timestamp
          type: string
        retry_after:
          anyOf:
            - type: integer
            - type: 'null'
          description: Seconds to wait before retrying (when applicable).
          title: Retry After
        owner_action_required:
          anyOf:
            - type: boolean
            - type: 'null'
          description: Whether the error requires account owner intervention.
          title: Owner Action Required
        details:
          description: Additional context (validation errors, etc.).
          title: Details
      required:
        - type
        - title
        - status
        - detail
        - error_code
        - timestamp
      title: ErrorOut
      type: object
  securitySchemes:
    APIKeyHeaderAuth:
      type: apiKey
      in: header
      name: X-API-Key
    OAuthTokenAuth:
      type: http
      scheme: bearer
    SessionAuth:
      type: apiKey
      in: cookie
      name: sessionid

````