We generally use (and want to keep) the recycle bin.
We have several object types where we do not allow (soft) delete for the non-admin user roles, because there may be child objects, so we need a casaded delete, or the object impacts the status of its parent object, so we need to update the parent object after deletion.
We solved this by providing custom actions for deletion that trigger a microservice run with higher privilege. In order for the microservice to do a soft-delete, it must run with user credentials such as root. Authentication with an API-key will run it as a system user, which leads to an error in the DELETE operation because a system user does not have a recycle bin.
We know that API-key authentication is the preferred method. However, we do not find a way to switch to it without losing controlled soft delete.
Can you confirm that there is no other option, or are we overlooking something?