> ## Documentation Index
> Fetch the complete documentation index at: https://tyk.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete a profile

> Permanently removes the specified authentication profile.



## OpenAPI

````yaml /swagger/5.13/identity-broker-swagger.yml delete /api/profiles/{id}
openapi: 3.0.3
info:
  title: Tyk Identity Broker (TIB) API
  description: >
    The Tyk Identity Broker (TIB) acts as a delegated authentication gateway
    between

    external identity providers (OAuth/Social, SAML, LDAP, Reverse Proxy) and
    the

    Tyk ecosystem.


    ## Authentication


    Profile management endpoints (`/api/*`) require an `Authorization` header
    whose

    value must exactly match the `Secret` field in `tib.conf`.


    Auth flow endpoints (`/auth/*`) are public — they are the entry points for

    end-user authentication and are called by browsers or API clients, not by

    back-end services.
  version: v1.7.2
  contact:
    email: support@tyk.io
    name: Tyk Technologies
    url: https://tyk.io/contact
servers:
  - url: http://localhost:3010
    description: Default local TIB instance
security: []
tags:
  - name: Auth
    description: Entry points for identity-provider authentication flows (public)
  - name: Profiles
    description: CRUD management of TIB profiles (requires Authorization header)
  - name: Health
    description: Health check
paths:
  /api/profiles/{id}:
    delete:
      tags:
        - Profiles
      summary: Delete a profile
      description: Permanently removes the specified authentication profile.
      operationId: deleteProfile
      parameters:
        - $ref: '#/components/parameters/profileId'
      responses:
        '200':
          description: Profile deleted successfully. `Data` will be an empty object.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/APIOKMessage'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - ApiSecret: []
components:
  parameters:
    profileId:
      name: id
      in: path
      required: true
      description: The unique identifier of the authentication profile.
      schema:
        type: string
      example: github-sso-dashboard
  schemas:
    APIOKMessage:
      type: object
      properties:
        Status:
          type: string
          enum:
            - ok
          example: ok
        ID:
          type: string
          description: The profile ID the operation was performed on.
          example: github-sso-dashboard
        Data:
          description: >-
            Payload — a single Profile object, a list of Profiles, or an empty
            object.
          oneOf:
            - $ref: '#/components/schemas/Profile'
            - type: array
              items:
                $ref: '#/components/schemas/Profile'
            - type: object
    Profile:
      type: object
      required:
        - ID
        - ActionType
        - ProviderName
        - Type
      properties:
        ID:
          type: string
          description: >
            Unique identifier for this profile. Must match the `{id}` path
            parameter

            when creating or updating.
          example: github-sso-dashboard
        Name:
          type: string
          description: Human-readable display name for this profile.
          example: GitHub SSO - Dashboard Login
        OrgID:
          type: string
          description: Tyk organisation ID this profile belongs to.
          example: 5e9d9544a1dcd60001d0ed20
        ActionType:
          $ref: '#/components/schemas/Action'
        MatchedPolicyID:
          type: string
          description: >
            Tyk policy ID to attach to tokens or sessions generated by this
            profile.
          example: 5f8f9e3c1b5e4a0001b3c4d5
        Type:
          $ref: '#/components/schemas/ProviderType'
        ProviderName:
          $ref: '#/components/schemas/ProviderName'
        CustomEmailField:
          type: string
          description: >
            Override the claim/attribute used to extract the user's email
            address.

            Leave empty to use the provider default.
          example: email
        CustomUserIDField:
          type: string
          description: >
            Override the claim/attribute used to extract the user's unique
            identifier.
          example: sub
        ProviderConfig:
          type: object
          description: >
            Provider-specific configuration object. The shape depends on
            `ProviderName`:

            - `SocialProvider` → see `GothConfig` schema

            - `ADProvider` → see `ADConfig` schema

            - `SAMLProvider` → see `SAMLConfig` schema

            - `ProxyProvider` → see `ProxyConfig` schema
          additionalProperties: true
        IdentityHandlerConfig:
          type: object
          description: |
            Additional key/value settings passed to the identity handler
            (e.g. OAuth client credentials, token TTL).
          additionalProperties: true
          example:
            oauth-client-id: tyk-portal-client
            oauth-client-secret: s3cr3t
            oauth-client-base-url: http://gateway:8080
        ProviderConstraints:
          $ref: '#/components/schemas/ProfileConstraint'
        ReturnURL:
          type: string
          description: URL the user is redirected to after successful authentication.
          example: https://dashboard.example.com/tap
        DefaultUserGroupID:
          type: string
          description: |
            Tyk user-group ID assigned to users that do not match any entry in
            `UserGroupMapping`.
          example: 5f8f9e3c1b5e4a0001b3c4d6
        CustomUserGroupField:
          type: string
          description: Claim/attribute name that carries the user's group membership.
          example: groups
        UserGroupMapping:
          type: object
          description: |
            Maps IdP group names to Tyk user-group IDs.
          additionalProperties:
            type: string
          example:
            admins: 5f8f9e3c1b5e4a0001b3c4d7
            developers: 5f8f9e3c1b5e4a0001b3c4d8
        UserGroupSeparator:
          type: string
          description: |
            Separator used when a single claim contains multiple group values
            (e.g. `","` or `" "`).
          example: ','
        SSOOnlyForRegisteredUsers:
          type: boolean
          description: |
            When `true`, only pre-existing Tyk users may log in via SSO.
            New users will be rejected rather than auto-created.
          example: false
    APIErrorMessage:
      type: object
      properties:
        Status:
          type: string
          enum:
            - error
          example: error
        Error:
          type: string
          description: Human-readable error message.
          example: Profile not found
    Action:
      type: string
      description: >
        Determines what TIB does with the confirmed identity.

        - `GenerateOrLoginDeveloperProfile` – create/log in a Tyk Developer
        Portal API Consumer

        - `GenerateOrLoginUserProfile` – create/log in a Tyk Dashboard user or
        Tyk Developer Portal API Owner

        - `GenerateOAuthTokenForClient` – generate an OAuth token for an API
        client (also used for the OAuth password flow)

        - `GenerateTemporaryAuthToken` – generate a short-lived Tyk access token
      enum:
        - GenerateOrLoginDeveloperProfile
        - GenerateOrLoginUserProfile
        - GenerateOAuthTokenForClient
        - GenerateTemporaryAuthToken
    ProviderType:
      type: string
      description: >
        - `redirect` – the user is redirected to an external IdP (OAuth, SAML)

        - `passthrough` – credentials are validated inline without a redirect
        (LDAP, Proxy)
      enum:
        - redirect
        - passthrough
    ProviderName:
      type: string
      description: Identifier for the concrete provider implementation.
      enum:
        - SocialProvider
        - ADProvider
        - SAMLProvider
        - ProxyProvider
    ProfileConstraint:
      type: object
      description: >
        Optional constraints that restrict which users may authenticate via this
        profile.
      properties:
        Domain:
          type: string
          description: |
            Restrict logins to email addresses on this domain (e.g. `tyk.io`).
            Empty string means no domain restriction.
          example: tyk.io
        Group:
          type: string
          description: >
            Restrict logins to members of this group (provider-specific
            semantics).
          example: engineering
  responses:
    Unauthorized:
      description: Missing or incorrect `Authorization` header.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/APIErrorMessage'
          example:
            Status: error
            Error: Authorization failed
    NotFound:
      description: The requested profile does not exist.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/APIErrorMessage'
          example:
            Status: error
            Error: Profile not found
  securitySchemes:
    ApiSecret:
      type: apiKey
      in: header
      name: Authorization
      description: |
        Must equal the `Secret` value in `tib.conf`.
        Example: `Authorization: your-tib-secret`

````