Repeated account-deleted Server-to-Server notifications for the same Apple ID

Hello,

We are experiencing an issue related to Sign in with Apple Server-to-Server (S2S) notifications, specifically involving repeated delivery of the account-deleted event, and would like to ask whether this behavior is expected or known.

Background

We have configured an S2S notification endpoint for Sign in with Apple in accordance with Apple’s requirements for account status change notifications.

Our endpoint:

  • Is reachable over HTTPS
  • Consistently returns HTTP 200 OK
  • Successfully receives other S2S events, including:
    • email-enabled
    • email-disabled
    • consent-revoked

Issue: Repeated 'account-deleted' events for the same Apple ID

For most users, the account-deleted event is delivered only once, as expected. However, for a specific Apple ID used with Sign in with Apple, we are observing repeated deliveries of the same account-deleted event, arriving at regular intervals (approximately every 5 minutes).

The payload contents are identical between deliveries and include the same user identifier (sub) and event timestamp.

Notably:

  • The Apple ID deletion itself completed successfully
  • The payload does not change between deliveries
  • Our endpoint continues to return HTTP 200 OK for every request

Questions

We would appreciate clarification on the following points:

  1. Is repeated delivery of the same account-deleted event expected behavior in any scenario?
  2. Is there a retry or redelivery mechanism for this event type, even when HTTP 200 is returned?
  3. Could repeated deliveries indicate that the deletion process is still considered “in progress” on Apple’s side?
  4. Are developers expected to treat account-deleted events as at-least-once delivery and handle them idempotently?

Additional context

While researching this issue, we found a forum thread describing a very similar case: https://developer.apple.com/forums/thread/735674

In that discussion, Apple staff advised submitting the issue via Feedback Assistant, which suggests that this behavior may already be understood internally.

We have also submitted a Feedback Assistant report with detailed logs and timestamps.

Any clarification on the expected behavior or recommended handling for this scenario would be greatly appreciated.

Thank you for your time and support.
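For question 4 above, an added example (not part of the original post and not Apple's code) of handling these events idempotently: it deduplicates on the user identifier, event type and event timestamp that the post reports as identical across deliveries. It assumes the notification's signature has already been verified and the event decoded into a dict; the keys `type`, `sub` and `event_time`, the SQLite schema and the sample values are assumptions.

```python
import sqlite3

def open_store(path=":memory:"):
    """Create the (hypothetical) local tables used by this example."""
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS users (sub TEXT PRIMARY KEY, email_enabled INTEGER);
        CREATE TABLE IF NOT EXISTS audit_log (sub TEXT, action TEXT);
        -- One row per event already processed; the key is made of the
        -- fields that stay identical across redeliveries.
        CREATE TABLE IF NOT EXISTS seen_events (
            sub TEXT, type TEXT, event_time INTEGER,
            PRIMARY KEY (sub, type, event_time));
    """)
    return db

def handle_event(db, event):
    """Apply one verified event; return 'applied' or 'duplicate'.
    The HTTP layer answers 200 in both cases."""
    # Assumed key names: type, sub, event_time.
    sub, etype = event["sub"], event["type"]
    key = (sub, etype, int(event["event_time"]))
    with db:  # one transaction: dedup marker and side effects commit together
        cur = db.execute("INSERT OR IGNORE INTO seen_events VALUES (?, ?, ?)", key)
        if cur.rowcount == 0:
            return "duplicate"  # redelivery: no side effect is re-run
        if etype == "account-deleted":
            db.execute("DELETE FROM users WHERE sub = ?", (sub,))
        elif etype in ("email-enabled", "email-disabled"):
            db.execute("UPDATE users SET email_enabled = ? WHERE sub = ?",
                       (int(etype == "email-enabled"), sub))
        # Non-idempotent side effect: must happen once per event, not per delivery.
        db.execute("INSERT INTO audit_log VALUES (?, ?)", (sub, etype))
    return "applied"

def demo():
    db = open_store()
    db.execute("INSERT INTO users VALUES ('constructed-sub-001', 1)")
    db.commit()
    # Constructed sample: the same event delivered three times.
    event = {"type": "account-deleted", "sub": "constructed-sub-001",
             "event_time": 1700000000000}
    results = [handle_event(db, dict(event)) for _ in range(3)]
    users = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    audits = db.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
    return results, users, audits

if __name__ == "__main__":
    print(demo())
```

Because the marker row and the side effects share one transaction, a failure partway through rolls back both, and the next delivery is processed as new rather than dropped.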
