Http delete request to Google Directory API returning 412 Precondition is not met: location If-Match

Question

I have been using Postman to send http requests to Google's Directory API. The GET request works fine (which shows that the admin token as well works fine) to get info for a user.

But, what I need to do is delete the user, and when I try this, I get the following back:

{
    "error": {
        "code": 412,
        "message": "Precondition is not met.",
        "errors": [
            {
                "message": "Precondition is not met.",
                "domain": "global",
                "reason": "conditionNotMet",
                "location": "If-Match",
                "locationType": "header"
            }
        ]
    }
}

I was presupposing that I was missing the etag, which is what I added from the user, but it did not work. I also tried adding "*" to the If-Match tag, and that did not work either. Maybe there is a way with a put or patch request?

The API reference is this: https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/delete

The API does not work on Google's reference page either. I have also tried this in multiple domains where I am the super-admin so the error is not related to a specific super-user or domain.

I have also made sure, in multiple tests, that the user I am trying to delete is not an admin of any type.

I am adding images below to show that the GET api works fine. So I just need to know how to format the API request to be able to delete the user.

Answer 1

Ok, after talking directly to Google and even seeing that Jay Lee (author of GAM) ran into the same problem, we found out that you can't delete a user if:

1. It has a license of some sort
2. It's an admin
3. It has a Google Vault retention rule applied

To be able to delete a user from now on, you must remove all these things (licenses, admin privileges, Vault retention rules) or you must transfer the information of that user to another user (along with whatever else Google asks you to remove beforehand).

The "Precondition is not met" is vague and Google should change this, but it means that one of the three things above have not been removed yet.

Below I am adding multiple links to confirm what I mentioned above as well as the APIs you need to use on users before being able to delete them.

https://groups.google.com/g/google-apps-manager/c/83kR-4MoPk0?pli=1

https://github.com/GAM-team/GAM/releases?gam-releases

https://developers.google.com/admin-sdk/data-transfer/reference/rest/v1/transfers#DataTransfer

https://developers.google.com/vault/guides/holds#python

https://developers.google.com/vault/reference/rest/v1/matters.holds.accounts/list