
Delete tokens

Learn how to delete tokens in Piiano Vault

When you no longer need a token, you can delete it. After deleting a token, it is no longer available and cannot be detokenized.

Alternatively, you can prevent a token from being detokenized by archiving it. You do this by setting the token's expiration period to 0 using the token update options.

The prune job, REST API Delete objects and tokens operation, and CLI Delete objects and tokens command delete archived tokens after the retention period. Before the end of the retention period, you can restore an archived token to the active state by updating its expiration time.


When the object a token represents expires, Vault automatically archives the token.

You select the tokens to delete using at least one list of token IDs, object IDs, or tags, similar to detokenizing or searching for tokens as described in Retrieve a token. You can also provide a tenant ID to further restrict the token selection to those tokens whose owner has the specified tenant ID.


To delete one or more tokens:

  1. Determine the token IDs, object IDs, or tags and, optionally, the tenant ID that define the tokens you want to delete.
  2. Use the CLI delete tokens command or REST API delete tokens operation, passing the token IDs, object IDs, or tags for the tokens you want to remove.


For example, you want to delete the token with token ID d27923c6-5d16-41e3-89ee-118b05a25372 on the collection paymentinfo.

To delete the token, do this in the CLI:

pvault token delete \
-t d27923c6-5d16-41e3-89ee-118b05a25372 \
--collection paymentinfo

Or this, using the REST API:

curl -s -X DELETE \
--url 'http://localhost:8123/api/pvlt/1.0/data/collections/paymentinfo/tokens?token_ids=d27923c6-5d16-41e3-89ee-118b05a25372&reason=AppFunctionality' \
-H 'Authorization: Bearer pvaultauth' \
-H 'Content-Type: application/json'

If the deletion succeeds, you receive only a 200 response.
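The same request built in code, extended from the single token ID above to the other selectors the procedure mentions (object IDs, tags, and an optional tenant ID), with a client-side check that at least one selector list is non-empty before a destructive call is sent. This is an added example, not Piiano's own code. Assumptions: the function names are hypothetical, and the query parameter names `object_ids`, `tags` and `tenant_id` and the comma-separated encoding of multiple values are not shown on this page.

```python
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

# Sample endpoint and bearer token taken from the curl call on this page.
VAULT_URL = "http://localhost:8123"
API_KEY = "pvaultauth"


def build_delete_request(collection, token_ids=(), object_ids=(), tags=(),
                         tenant_id=None, reason="AppFunctionality"):
    """Build the DELETE request that selects tokens in one collection.

    Assumed (not on the page): parameter names object_ids, tags, tenant_id,
    and comma-separated encoding when a list holds several values.
    """
    params = {}
    for name, values in (("token_ids", token_ids),
                         ("object_ids", object_ids), ("tags", tags)):
        if isinstance(values, str):
            # A bare string would otherwise be split into single characters.
            raise TypeError(f"{name} must be a list, not a string")
        values = [v for v in values if v]  # drop "" and None entries
        if values:
            params[name] = ",".join(values)
    if not params:
        # At least one selector list is required; fail before any request.
        raise ValueError("provide at least one of token_ids, object_ids, tags")
    if tenant_id:
        params["tenant_id"] = tenant_id  # restricts the selection further
    params["reason"] = reason

    url = (f"{VAULT_URL}/api/pvlt/1.0/data/collections/"
           f"{quote(collection, safe='')}/tokens?{urlencode(params, safe=',')}")
    return Request(url, method="DELETE", headers={
        "Authorization": f"Bearer {API_KEY}",
        "Content-Type": "application/json",
    })


def delete_tokens(collection, **selection):
    """Send the request. Returns True on a 200 response; urlopen raises
    urllib.error.HTTPError for 4xx and 5xx responses."""
    with urlopen(build_delete_request(collection, **selection)) as resp:
        return resp.status == 200
```

Calling `build_delete_request` alone lets you log or review the exact URL before `delete_tokens` sends it.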