Deletes a client-side encryption identity. The authenticated user can no longer use the identity to send encrypted messages.
You cannot restore the identity after you delete it. Instead, use the identities.create method to create another identity with the same configuration.
For administrators managing identities and keypairs for users in their organization, requests require authorization with a service account that has domain-wide delegation authority to impersonate users with the https://www.googleapis.com/auth/gmail.settings.basic scope.
For users managing their own identities and keypairs, requests require hardware key encryption turned on and configured.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-12 UTC."],[],[],null,["- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nDeletes a client-side encryption identity. The authenticated user can no longer use the identity to send encrypted messages.\n\nYou cannot restore the identity after you delete it. Instead, use the [identities.create](/workspace/gmail/api/reference/rest/v1/users.settings.cse.identities/create#caribou.api.proto.MailboxService.CreateCseIdentity) method to create another identity with the same configuration.\n\nFor administrators managing identities and keypairs for users in their organization, requests require authorization with a [service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount) that has [domain-wide delegation authority](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority) to impersonate users with the `https://www.googleapis.com/auth/gmail.settings.basic` scope.\n\nFor users managing their own identities and keypairs, requests require [hardware key encryption](https://support.google.com/a/answer/14153163) turned on and configured.\n\nHTTP request\n\n`DELETE https://gmail.googleapis.com/gmail/v1/users/{userId}/settings/cse/identities/{cseEmailAddress}`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\nPath parameters\n\n| Parameters ||\n|-------------------|-------------------------------------------------------------------------------------------------------------------------|\n| `userId` | `string` The requester's primary email address. To indicate the authenticated user, you can use the special value `me`. |\n| `cseEmailAddress` | `string` The primary email address associated with the client-side encryption identity configuration that's removed. |\n\nRequest body\n\nThe request body must be empty.\n\nResponse body\n\nIf successful, the response body is an empty JSON object.\n\nAuthorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/gmail.settings.basic`\n- `\n https://www.googleapis.com/auth/gmail.settings.sharing`\n\nFor more information, see the [Authorization guide](/workspace/guides/configure-oauth-consent)."]]
