The nexus-security-3.1.0-04-javadoc documents REST API features available to administer user accounts:
There is a function to create users:
addUser(String id, String firstName, String lastName, String email, boolean active, String password, List<String> roleIds)
However, there is no function to delete user accounts. This is required.
Alternately, an update function which allowed for modification of existing accounts would be sufficient.
Use cases for this would be updating a user's password, or locking/unlocking an account WITHOUT the use of the GUI.
A delete function would allow the user to be removed from the system, the recreated with a new password/permissions. This would suffice, for the meantime.
Being unable to programatically remove uses from the system poses a potential security risk. As does being unable to rotate user passwords.