Google Workspace · Arazzo Workflow

Google Workspace Delete a User Safely

Version 1.0.0

Look up a user, confirm it exists, then delete the account.

1 workflow 1 source API 1 provider
View Spec View on GitHub CalendarCollaborationEmailProductivityStorageVideo ConferencingArazzoWorkflows

Provider

google-workspace

Workflows

delete-user-safely
Verify a user exists and then delete the account.
Fetches the user by its key to confirm existence and record its id and org unit, then issues the delete so the account moves into the 20-day recoverable window.
2 steps inputs: accessToken, userKey outputs: deletedUserId, formerOrgUnitPath
1
lookupUser
getUser
Read the user by its key to confirm the account exists and capture the id and org unit before deleting.
2
deleteUser
deleteUser
Delete the confirmed user account. The user remains recoverable for 20 days via the undelete operation.

Source API Descriptions

openapi
directoryApi https://raw.githubusercontent.com/api-evangelist/google-workspace/refs/heads/main/openapi/admin-sdk-directory-api.yml

Arazzo Workflow Specification

google-workspace-delete-user-safely-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Google Workspace Delete a User Safely
  summary: Look up a user, confirm it exists, then delete the account.
  description: >-
    A guarded deletion flow. The workflow first reads the user by its key to
    confirm the account exists and capture its id, then deletes the user. Because
    deleted users remain recoverable for twenty days, the flow records the id so
    the account can later be restored with the undelete operation if needed.
    Every step spells out its request inline so the flow can be read and executed
    without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: directoryApi
  url: ../openapi/admin-sdk-directory-api.yml
  type: openapi
workflows:
- workflowId: delete-user-safely
  summary: Verify a user exists and then delete the account.
  description: >-
    Fetches the user by its key to confirm existence and record its id and org
    unit, then issues the delete so the account moves into the 20-day
    recoverable window.
  inputs:
    type: object
    required:
    - accessToken
    - userKey
    properties:
      accessToken:
        type: string
        description: OAuth 2.0 bearer access token with the admin.directory.user scope.
      userKey:
        type: string
        description: Primary email, alias, or unique id of the user to delete.
  steps:
  - stepId: lookupUser
    description: >-
      Read the user by its key to confirm the account exists and capture the id
      and org unit before deleting.
    operationId: getUser
    parameters:
    - name: userKey
      in: path
      value: $inputs.userKey
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/id
      orgUnitPath: $response.body#/orgUnitPath
  - stepId: deleteUser
    description: >-
      Delete the confirmed user account. The user remains recoverable for 20
      days via the undelete operation.
    operationId: deleteUser
    parameters:
    - name: userKey
      in: path
      value: $inputs.userKey
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    successCriteria:
    - condition: $statusCode == 204
  outputs:
    deletedUserId: $steps.lookupUser.outputs.userId
    formerOrgUnitPath: $steps.lookupUser.outputs.orgUnitPath