Delete an employee
DELETE /employees/:id
Soft-deletes the employee and returns the deleted record. Send the current version via the If-Match header (preferred; from the ETag of a prior read) or the _version query param. Missing → 400; stale → 409.
Request
Responses
- 200: A single employee
  Response Headers: Current record version; send back as If-Match on update/delete.
- 400: RFC 7807 problem
- 401: No API key was sent (missing Authorization header). Returned by the gateway as {"message":"Unauthorized"}, NOT RFC 7807, and without X-Request-Id. Note: a key that IS sent but is invalid/unknown/revoked/expired returns 403 (see the Forbidden response), not 401.
- 403: A key was sent but rejected by the authorizer: the key is invalid / unknown / revoked / expired, OR its IP allow-list blocked the source IP, OR the key is newly created and not yet activated (~1 min propagation). Gateway-shaped and NOT RFC 7807, and without X-Request-Id. The body is the raw AWS authorizer-deny JSON with a CAPITAL Message: {"Message":"User is not authorized to access this resource with an explicit deny in an identity-based policy"}. This is an AWS string that may change — branch on the 403 status, not the body text.
- 404: RFC 7807 problem
- 409: RFC 7807 problem
- 429: Rate limit exceeded for this organization (metered per tenantId). Note: enforced by the API gateway, so the body is gateway-shaped ({"message":"Too Many Requests"}, with x-amzn-errortype: TooManyRequestsException), NOT RFC 7807, and without X-Request-Id. A Retry-After header is not guaranteed (the burst-rate throttle does not send one) — back off with your own exponential backoff and branch on the status, not the body text.
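
A client-side sketch of the handling described above, added here as an example and not taken from this API's own SDK or documentation. It sends If-Match, classifies every failure on the status code alone, and backs off on 429 whether or not Retry-After is present. The names send, ApiError, parse_error, delete_employee and the kind labels are hypothetical; send is assumed to be a transport that adds the Authorization header and the base URL.

```python
import json, random, time
from urllib.parse import quote

class ApiError(Exception):
    def __init__(self, status, kind, detail=None):
        super().__init__(f"{status} {kind}: {detail}")
        self.status, self.kind, self.detail = status, kind, detail

# Hypothetical labels for the two body shapes this endpoint returns.
GATEWAY = {401: "no_key", 403: "key_rejected", 429: "throttled"}
PROBLEM = {400: "bad_request", 404: "not_found", 409: "stale_version"}

def parse_error(status, body):
    """Classify on the status code only; body text is kept for logs, never branched on."""
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    if status in GATEWAY:
        # Gateway-shaped body: "message" (401/429) or capital "Message" (403).
        return ApiError(status, GATEWAY[status], doc.get("message") or doc.get("Message"))
    # Everything else on this endpoint is an RFC 7807 problem document.
    return ApiError(status, PROBLEM.get(status, "unexpected"), doc.get("detail") or doc.get("title"))

def delete_employee(send, emp_id, etag, max_retries=4, sleep=time.sleep):
    """send(method, path, headers) -> (status, headers, body) is a hypothetical
    transport that adds the Authorization header and the base URL."""
    path = "/employees/" + quote(str(emp_id), safe="")
    for attempt in range(max_retries + 1):
        status, headers, body = send("DELETE", path, {"If-Match": etag})
        if status == 200:
            return json.loads(body)
        err = parse_error(status, body)
        if status != 429 or attempt == max_retries:
            raise err  # 409: re-read the record for a fresh version before retrying
        # Retry-After is not guaranteed, so fall back to capped exponential backoff with jitter.
        hint = {k.lower(): v for k, v in headers.items()}.get("retry-after", "")
        delay = float(hint) if hint.isdigit() else min(30, 2 ** attempt) * random.uniform(0.5, 1.0)
        sleep(delay)
```

Only 429 is retried automatically: a 409 needs a fresh read to obtain the current version, and a 401 or 403 will not succeed on a blind retry, apart from the roughly one-minute activation window of a newly created key.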