Delete Project
Projects
Delete Project
Soft delete a project by marking its status as deleted
DELETE
Delete Project
Authentication
This endpoint requires JWT authentication via theverifyJWT middleware. Include your access token in the Authorization header.
Path Parameters
The unique identifier of the project to delete (MongoDB ObjectId)
Behavior
This endpoint performs a soft delete by setting the project’sstatus field to deleted. The project document remains in the database but is excluded from all queries that filter by status.
What Happens When You Delete a Project
- Project status is changed to
deleted - Project no longer appears in project lists
- Project endpoints return 404 for this project ID
- Associated resources (builds, deployments) remain in the database
- The subdomain is not immediately released and cannot be reused
- This operation cannot be undone through the API
Response
Indicates whether the deletion was successful
Confirmation message: “Project deleted”
Example Request
Example Response
Error Responses
404 Not Found
Returned when:
- Project with the specified ID doesn’t exist
- Project doesn’t belong to the authenticated user
- Project has already been deleted
500 Internal Server Error
Returned when a server error occurs during deletion
Implementation Notes
Soft Delete vs Hard Delete
This endpoint implements soft deletion:- Soft delete: Sets
status: 'deleted', data remains in database - Hard delete: Would permanently remove the document (not implemented)
Why Soft Delete?
- Data Recovery: Allows potential recovery of accidentally deleted projects
- Audit Trail: Maintains historical records for billing and analytics
- Related Data: Preserves relationships with builds and deployments
- Billing: Ensures accurate billing history and dispute resolution
Ownership Verification
The endpoint includes three security checks:- Project must exist (
_idmatch) - Project must belong to the authenticated user (
ownermatch) - Project must not already be deleted (
status: { $ne: 'deleted' })
Side Effects
Deleting a project does not automatically:- Stop running containers (requires separate cleanup job)
- Delete build artifacts or Docker images
- Remove DNS records or SSL certificates
- Release the subdomain for reuse
- Delete associated build documents
- Trigger webhook notifications
Querying Deleted Projects
All project query endpoints includestatus: { $ne: 'deleted' } filter, which means:
- Deleted projects are invisible to the user
- They don’t appear in project lists
- Individual project endpoints return 404
- Subdomains of deleted projects return 404 on the routing layer
Best Practices
Before Deleting
- Backup Important Data: Export environment variables, build logs, or configurations
- Update DNS: If using a custom domain, update DNS to prevent downtime
- Notify Team: Inform team members if it’s a shared project
- Check Dependencies: Ensure no other services depend on this deployment
Confirmation Flow
For user-facing applications, implement a confirmation dialog:Alternative: Stopping a Project
If you want to temporarily disable a project without deleting it, consider updating the project status tostopped through a settings endpoint (if available), or simply don’t delete it.
Source Reference
backend/src/controllers/slices/Project/settings.js:125