QEHSDeveloper portal
record.deleted.v1
A record was soft-deleted.
record.deleted.v1v1at-least-once deliveryFires when
On any deletion that sets deletedAt — GDPR deletion workflow or an admin delete action. Hard deletes (purge) fire record.purged.v1 instead.
Payload fields
Envelope fields are shared across all event types. Event-specific data is nested under data.
| Field | Type | Required | Description |
|---|---|---|---|
eventId | string (uuid) | required | Unique per delivery attempt. Use for deduplication. |
event | string | required | Fully-qualified event name, e.g. record.created.v1. |
tenantId | string (uuid) | required | Tenant that owns the affected resource. |
firedAt | string (date-time) | required | ISO-8601 UTC timestamp when the event was emitted. |
data.recordId | string (uuid) | required | ID of the deleted record. |
data.moduleKey | string | required | Composer module key. |
data.deletionRequestId | string (uuid) | optional | Present when deletion was triggered by a GDPR deletion request. |
Sample payload
{
"eventId": "44444444-5555-6666-7777-888888888888",
"event": "record.deleted.v1",
"tenantId": "00000000-1111-2222-3333-444444444444",
"firedAt": "2026-04-18T12:37:00.000Z",
"data": {
"recordId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"moduleKey": "incidents",
"deletionRequestId": "bbbbbbbb-cccc-dddd-eeee-ffffffffffff"
}
}Verify the signature
Every delivery includes X-QEHS-Signature: sha256=<hex> and X-Job-ID headers. Verify before trusting the body. See the webhooks signature docs for a full verification example.