Soft-disable a customer user (sessions + API keys revoked)
delete
/v1/admin/users/{id}Marks the user as disabled, revokes all active sessions and API keys. The row is NOT hard-deleted so foreign-key references (audit, org membership) remain intact.