Delete All Objects

Delete all devices (objects) from the database. This is a destructive operation that permanently removes all device records.

Request

DELETE /api/objects

Authentication Required: Must include JWT token in Authorization header.

Required Scope: objects

Request Example

curl -X DELETE "http://your-server-ip:port/api/objects" \
     -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response

Success (204 No Content)

No response body is returned for successful deletion.

HTTP/1.1 204 No Content

Error Responses

All error responses are returned as plain text:

401 Unauthorized

NOT_LOGGED_IN

403 Forbidden

FORBIDDEN

405 Method Not Allowed

Method Not Allowed

500 Internal Server Error

Failed to delete objects

503 Service Unavailable

Database is not ready

Important Warnings

⚠️ Destructive Operation

This endpoint permanently deletes ALL objects (devices) from the database for ALL users. This action cannot be undone.

🔒 Security Considerations

• Requires objects scope
• Affects all users in the system
• No selective deletion - removes everything
• Consider implementing additional confirmation mechanisms in your application

Usage Examples

Delete All Objects

curl -X DELETE "http://your-server:8080/api/objects" \
     -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response Handling (JavaScript)

async function deleteAllObjects() {
  try {
    const response = await fetch('/api/objects', {
      method: 'DELETE',
      headers: {
        'Authorization': `Bearer ${token}`,
        'Content-Type': 'application/json'
      }
    });
    
    if (response.ok) {
      console.log('All objects deleted successfully');
      return true;
    } else {
      const error = await response.text();
      throw new Error(`Failed to delete objects: ${error}`);
    }
  } catch (error) {
    console.error('Error deleting objects:', error);
    throw error;
  }
}

Confirmation Pattern

async function deleteAllObjectsWithConfirmation() {
  // Implement multiple confirmation steps
  const firstConfirm = confirm('Are you sure you want to delete ALL objects?');
  if (!firstConfirm) return false;
  
  const secondConfirm = confirm('This will permanently delete ALL device records. This cannot be undone. Continue?');
  if (!secondConfirm) return false;
  
  const finalConfirm = prompt('Type "DELETE ALL OBJECTS" to confirm:');
  if (finalConfirm !== 'DELETE ALL OBJECTS') {
    alert('Confirmation text does not match. Operation cancelled.');
    return false;
  }
  
  try {
    await deleteAllObjects();
    alert('All objects have been deleted.');
    // Refresh the UI or redirect
    window.location.reload();
  } catch (error) {
    alert(`Failed to delete objects: ${error.message}`);
  }
}

Best Practices

Before Deletion

1. Create Backup: Export object data before deletion
2. User Confirmation: Implement multiple confirmation steps
3. Access Control: Restrict this operation to administrators only
4. Audit Logging: Log who performed the deletion and when
5. Maintenance Window: Consider performing during maintenance hours

Implementation Recommendations

// Example backup before deletion
async function backupAndDelete() {
  try {
    // 1. Create backup
    const objects = await fetch('/api/objects', {
      headers: { 'Authorization': `Bearer ${token}` }
    }).then(r => r.json());
    
    // Save backup locally or to external storage
    const backup = {
      timestamp: new Date().toISOString(),
      count: objects.objects.length,
      data: objects.objects
    };
    
    localStorage.setItem('objects_backup', JSON.stringify(backup));
    
    // 2. Perform deletion
    await deleteAllObjects();
    
    console.log(`Backup created with ${backup.count} objects before deletion`);
  } catch (error) {
    console.error('Backup and delete failed:', error);
  }
}

Error Handling

function handleDeleteError(error, response) {
  switch (response.status) {
    case 401:
      // Redirect to login
      window.location.href = '/login';
      break;
    case 403:
      alert('You do not have permission to delete objects');
      break;
    case 405:
      alert('Delete operation is not allowed');
      break;
    case 500:
      alert('Server error occurred during deletion');
      break;
    case 503:
      alert('Database is not ready. Please try again later.');
      break;
    default:
      alert(`Unexpected error: ${error.message}`);
  }
}

Important Notes

• Scope Required: Users must have the objects scope to access this endpoint
• Global Impact: Affects all users and all objects in the system
• No Undo: This operation cannot be reversed through the API
• Plain Text Errors: Error responses are not in JSON format
• No Partial Deletion: Either all objects are deleted or none are
• Session Impact: Active device sessions will be terminated