DivineForgeDivineForge

Satire

DELETE Doesn't Delete. It Archives. This Was By Design.

Four partners built GDPR compliance flows against a DELETE endpoint that kept all the data.

2026 Apr 222 min readleast-astonishmentapinaminggdpr

The platform API has a DELETE /users/{id} endpoint. It soft-deletes — archives the record, retains all data, marks it inactive. There is no hard delete. This is documented in a footnote in the API reference under "Data Retention Behaviour." The Principle of Least Astonishment is not referenced in the API design doc.

What Actually Happens

Four integration partners build GDPR "right to erasure" compliance flows against this endpoint. They call DELETE, receive a 200 response, and mark the request fulfilled in their compliance logs. The name said DELETE. The HTTP status said success.

Eighteen months later, a regulatory audit reviews personal data retention. The auditors find that user records flagged for erasure are present and queryable in the archive table. All four partners are exposed. The platform's response: the documentation noted "soft delete" behaviour. The partners' response: the endpoint is named DELETE.

Emergency patches ship over a weekend. Legal counsel is engaged for all parties. The API is versioned. A new DELETE endpoint is introduced that actually deletes. The old one is renamed, causing three additional integration breakages.

Blocky· Senior Pragmatist

You named it DELETE. It kept the data. The auditors also noticed.

DivineForge Advisory

Recognise this pattern in your organisation? I help teams cut through the governance, make the right technical calls, and actually ship.

Let's talk architecture →

How a Builder Should Respond

Name endpoints and functions for what they actually do. If your DELETE archives, call it something else — even if it requires a version bump. Violating the principle of least astonishment in a public API is a compliance risk, not a design preference. When you discover the mismatch, version immediately, redirect clearly, and give partners a migration window with a hard cutoff. Honesty at API design time is free. Honesty during a regulatory audit is not.

This scenario illustrates the Principle of Least Astonishment. See all 13 laws →

ShareXLinkedIn

Stay in the loop

New satire drops when the enterprise does something worth documenting. No spam — just the next article.

20 articles about enterprise dysfunction. None of it billable. Buy me a coffee.

Buy me a coffee