Endpoint
masker_session authentication. The signed-in user must be an account admin.
Path parameters
The agent’s ID in
agt_* ULID format, e.g. agt_01HYZ....Response
Returns204 No Content on success with no response body.
What happens on delete
- The agent row is removed from the database.
- In-flight requests on the agent’s proxy URL complete normally; new requests immediately receive
404. - Past sessions are preserved with a back-reference to the deleted agent’s ID. They remain accessible via GET /sessions and individual session detail endpoints.
- The vault is not purged. Tokens issued by this agent remain reversible as long as the
kidkeys are still present. This is intentional — deleting an agent must not break existing audit history. - An
agent_deletedevent is appended to the audit log with a timestamp.
Example
204 No Content with an empty body.
Recovering from accidental deletion
There is no automatic recovery. The audit log records the deletion event with a timestamp and the acting user. If you need to restore the agent’s configuration, retrieve the most recent compliance report for that agent — it contains a full configuration snapshot. You can use those settings to recreate the agent manually.Errors
| Status | Code | Meaning |
|---|---|---|
401 | unauthenticated | Missing or invalid masker_session cookie |
403 | forbidden | The signed-in user is not an account admin |
404 | agent_not_found | No agent with this ID exists, or it has already been deleted |