ThreatExchange currently supports true deletes only for connections between ThreatIndicator objects to express relationships. Examples of when this can be useful are for describing URL re-direct chains or domain to IP address relationships. Connections are created via an HTTP DELETE request to the
/related URI for a specific object:
For the data itself, we do not support true deletes. If you wish to indicate data is no longer valid, set the
expired_on field for automatic soft-deletes and the
status field to NON_MALICIOUS for handling false positive cases.