> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete an account (protected hard delete)

> PROTECTED HARD DELETE. Permanently removes the account row and its
transaction-free children (contacts, addresses, payment methods).

Industry standard (NetSuite / QuickBooks / Acumatica): an account that has
**any financial or transaction history cannot be deleted.** If the account is
referenced by orders (any document type: quote / sales order / invoice / return /
purchase order), payments, returns, vendor bills, AP payments, vendor credits,
vendor prepayments, customer deposits, journal entry lines, inventory transactions,
or pricing policies, the call returns **409 `account_not_deletable`** with a clear
hint and per-type dependency counts. In that case, DEACTIVATE the account instead
(`POST /v1/accounts/{id}/deactivate`).

A transaction-free account is hard-deleted and the call returns
`{ deleted: true, display_name }`. This behavior is identical to the in-app
(Cognito) delete -- one canonical handler serves both callers.




## OpenAPI

````yaml /openapi.yaml delete /accounts/{id}
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /accounts/{id}:
    parameters:
      - name: id
        in: path
        required: true
        schema:
          type: string
        description: >
          Account UUID or account_number (e.g. ACCT-001, CUST-00042).

          Polymorphic lookup: if the value is not a UUID it is resolved to a
          UUID via

          accounts.account_number within the entity scope before the record is
          fetched.

          (NEW-GAP-API-V1-POLYMORPHIC-LOOKUP-CROSS-RESOURCE 2026-05-20)
    delete:
      tags:
        - Accounts
      summary: Delete an account (protected hard delete)
      description: >
        PROTECTED HARD DELETE. Permanently removes the account row and its

        transaction-free children (contacts, addresses, payment methods).


        Industry standard (NetSuite / QuickBooks / Acumatica): an account that
        has

        **any financial or transaction history cannot be deleted.** If the
        account is

        referenced by orders (any document type: quote / sales order / invoice /
        return /

        purchase order), payments, returns, vendor bills, AP payments, vendor
        credits,

        vendor prepayments, customer deposits, journal entry lines, inventory
        transactions,

        or pricing policies, the call returns **409 `account_not_deletable`**
        with a clear

        hint and per-type dependency counts. In that case, DEACTIVATE the
        account instead

        (`POST /v1/accounts/{id}/deactivate`).


        A transaction-free account is hard-deleted and the call returns

        `{ deleted: true, display_name }`. This behavior is identical to the
        in-app

        (Cognito) delete -- one canonical handler serves both callers.
      operationId: deleteAccount
      responses:
        '200':
          description: Account permanently deleted (no financial history).
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      deleted:
                        type: boolean
                        example: true
                      display_name:
                        type: string
        '401':
          $ref: '#/components/responses/Error'
        '403':
          $ref: '#/components/responses/Error'
        '404':
          $ref: '#/components/responses/Error'
        '409':
          description: >-
            Account has financial / transaction history and cannot be deleted.
            Deactivate it instead.
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                    example: account_not_deletable
                  code:
                    type: string
                    example: account_not_deletable
                  type:
                    type: string
                    example: precondition_failed
                  hint:
                    type: string
                    example: >-
                      Account has 12 orders, 8 payments, 3 returns. Accounts
                      with financial history cannot be deleted -- deactivate it
                      instead (set inactive).
                  has_transactions:
                    type: boolean
                    example: true
                  dependencies:
                    type: object
                    description: Per-type counts of records referencing this account.
                    properties:
                      orders:
                        type: integer
                      invoices:
                        type: integer
                      payments:
                        type: integer
                      returns:
                        type: integer
                      vendor_bills:
                        type: integer
                      ap_payments:
                        type: integer
                      vendor_credits:
                        type: integer
                      vendor_prepayments:
                        type: integer
                      customer_deposits:
                        type: integer
                      journal_lines:
                        type: integer
                      inventory_transactions:
                        type: integer
                      pricing_policies:
                        type: integer
      security:
        - ApiKeyAuth:
            - accounts:delete
components:
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  schemas:
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````