I accidentally `Delete organization` by non-exist API call

While I try to delete user seat I accidentally Delete organization via API by call

curl --request DELETE \
  --url https://api.cloudflare.com/client/v4/accounts/XXX/access/organizations \
  --header 'Content-Type: application/json' \
  -H "X-Auth-Key: XXX" \
  -H "X-Auth-Email: [email protected]"
  --data '[
  {
    "email": "[email protected]",
    "seat_uid": "XXX"
  }
]'
{
  "result": null,
  "success": true,
  "errors": [],
  "messages": []
}

And somehow it delete whole organization.
Then when I get back to https://one.dash.cloudflare.com/ I has been ask to create new organization.

And after that, no matter I try…

  1. The users never appear in dashboard both users list and usage analytics.
  2. Both user list and usage analytics work before so this is not a newbies question.

And yes this seem to mess up and somehow break everything after that.
You can reproduce by above curl with global token.

Any help is welcome but I don’t think this can be fix from my side.

Which documented API endpoint for deleting seats were you trying to use? I don’t see any with DELETE in that manner, especially with a body.

Getting the organization back is unlikely at this stage - if you can easily reconstruct everything then you should. But if not, post here and maybe something can be worked out.

  1. I can’t find a way to delete user (only revoke and display inactive) via document so I take a look at how dashboard delist the user so I found it called
https://dash.cloudflare.com/api/v4/accounts/XXX/access/organizations/revokeUser?devices=true

So I think maybe it’s just undoc then I try replicated that call via api.cloudflare.com but it turnout I break whole organize instead. (yes I shouldn’t do this, and I regret that already)

  1. To be clear, I don’t want to get an old organize data back because it’s just 2 accounts for testing nothing serious there. And yes I try to reconstruct but user list and user analytics not show up.

On the bright side I just found the way to bypass 50 users limit with ghost user as a caveat. :man_shrugging:

Summary

  1. User create zero trust org.
  2. Weird dev(me) find the way to delete organize.
  3. Weird dev try to reconstruct new organize.
  4. Tunnel and rules work but user not listed, also user analytics not show up.

Best guess
Cloudflare didn’t expect this to happen (delete organize) so the flow already mess up somewhere.
I think old organize relation maybe still exist and it point to old users/analytics instead of new one somehow because not graceful/clean exist by unexpected organize deletion from me.

Anyway I really expect the team try to reproduce that to see what I meant (just one single curl tho) and anyhow user shouldn’t randomly able to DELETE things from API.

Thanks