Users deleting their own accounts in NextJS

System Information
  • Strapi Version: 4.5.3
  • Operating System: MacOS
  • Database: SQLite
  • Node Version: 18.12.1
  • NPM Version: 9.1.3
  • Yarn Version: 1.22.19

This must be the noobiest question but I can’t find anything in Google ^_^U

I’m developing a simple website in Strapi and NextJS, for musicians to find bands and viceversa. I’m currently stuck with the user’s profile page, where I’d like users to change username, email, password, etc, and also delete their accounts (with a button at the bottom of the page).

What would be needed for an user to delete his/her own account? Even just the steps to make it with Insomnia API client would be great.

Thanks a lot in advance :slight_smile:

Small update: I tried enabling the “destroy” user permission for authenticated users. However, this will let any user delete any user, which is not the idea.

I removed the destroy permission and tried DELETE localhost:1337/api/users/me, but I get a “Forbidden” error.

I’m guessing I have to create a custom “destroyme” policy. A bit susprising this is not available out of the box.

I ended up crafting a custom controller like this:

plugin.controllers.user.destroyme = async (ctx) => {
    const authUser = ctx.state.user;

    if (!authUser) {
      return ctx.unauthorized();

    const user = await getService('user').fetch(;

    if (!user) {
      throw new NotFoundError(`User not found`);

    const data = await getService('user').remove({ id: });
    const sanitizedUser = await sanitizeOutput(data, ctx);