Zumik
v2 · Native state

Purge jobs

Run an auditable purge over artifacts and retrieve a signed receipt. Delete revokes access; purge removes retained representations and proves what was done.

Delete revokes a handle immediately. Purge is the auditable workflow: it bumps the namespace generation, physically removes the in-scope artifacts, and returns a profile-specific receipt with a tamper-evident digest. The guarantee class never exceeds what the processors actually achieved. Purge jobs are prefixed pjb_; receipts are prefixed pur_. See retention and purge and the purge semantics guide.

All requests require a bearer API key. See authentication.

Create a purge job

POST /v2/purge-jobs

Runs the purge synchronously and stores both the job and its receipt.

artifact_idsarrayrequired

The art_... ids to purge. Must not be empty, and each must exist in this project.

curl https://api.zumik.ai/v2/purge-jobs \
  -H "Authorization: Bearer $ZUMIK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "artifact_ids": ["art_01jy7n3q8v6kzr4w2m9bd5xpfh"] }'
{
  "id": "pjb_01jy7ngh12k3l4m5n6o7p8q9rs",
  "object": "purge_job",
  "status": "completed",
  "scope": {
    "project_id": "prj_01jy7n0a4c8m2t6v9q3wrxk7bd",
    "artifact_ids": ["art_01jy7n3q8v6kzr4w2m9bd5xpfh"]
  },
  "requested_at": "2026-06-15T16:21:50Z"
}
idstring

Opaque purge job id, prefixed pjb_.

objectstring

Always purge_job.

statusstring

One of pending, running, completed, failed.

scopeobject

The project and artifact ids the job covered.

requested_atstring

RFC 3339 request timestamp.

Retrieve a purge job

GET /v2/purge-jobs/{purge_job_id}

purge_job_idstringpathrequired

The pjb_... id to fetch.

curl https://api.zumik.ai/v2/purge-jobs/pjb_01jy7ngh12k3l4m5n6o7p8q9rs \
  -H "Authorization: Bearer $ZUMIK_API_KEY"

Returns the same job object.

Retrieve the receipt

GET /v2/purge-jobs/{purge_job_id}/receipt

Returns the signed receipt for the job, keyed by the purge job id. The receipt records each processor's outcome and the weakest guarantee across them.

purge_job_idstringpathrequired

The pjb_... id whose receipt to fetch.

curl https://api.zumik.ai/v2/purge-jobs/pjb_01jy7ngh12k3l4m5n6o7p8q9rs/receipt \
  -H "Authorization: Bearer $ZUMIK_API_KEY"
{
  "id": "pur_01jy7ngh20l4m5n6o7p8q9r0st",
  "object": "purge_receipt",
  "requested_at": "2026-06-15T16:21:50Z",
  "completed_at": "2026-06-15T16:21:50Z",
  "scope": {
    "project_id": "prj_01jy7n0a4c8m2t6v9q3wrxk7bd",
    "artifact_ids": ["art_01jy7n3q8v6kzr4w2m9bd5xpfh"]
  },
  "guarantee": "verified_physical_purge",
  "processors": [
    { "name": "state_store", "status": "purged" }
  ],
  "receipt_digest": "sha256:9c1d...e4"
}
idstring

Opaque receipt id, prefixed pur_.

objectstring

Always purge_receipt.

requested_atstring

RFC 3339 request timestamp.

completed_atstring

RFC 3339 completion timestamp.

scopeobject

The project and artifact ids the purge covered.

guaranteestring

The weakest guarantee across all processors: access_revoked, best_effort_expiry, verified_namespace_invalidation, verified_physical_purge, or cryptographic_purge.

processorsarray

Per-processor outcomes. Each has a name (e.g. state_store, byoc_runtime), a status (purged, namespace_invalidated, expires_by, failed), and an optional expires_at. A byoc_runtime entry appears only when the project has live BYOC clusters that honor the generation bump.

receipt_digeststring

A SHA-256 over the receipt's identifying content, prefixed sha256:. Recompute it to confirm the receipt was not altered.

Errors

StatusCodeWhen
400invalid_request_errorartifact_ids is empty, or an id does not exist in this project.
401invalid_api_keyMissing or invalid API key.
404invalid_request_errorThe purge job or its receipt does not exist in this project.

See the full table on errors.

On this page