diff --git a/api/identity/associations.yaml b/api/identity/associations.yaml
index 8ff4a9ed..82c70fb8 100644
--- a/api/identity/associations.yaml
+++ b/api/identity/associations.yaml
@@ -30,6 +30,7 @@ paths:
       description: |-
         Determines if a given 3pid has been validated by a user.
       operationId: getValidated3pid
+      deprecated: true
       parameters:
         - in: query
           type: string
@@ -104,6 +105,7 @@ paths:
         ``application/x-form-www-urlencoded`` data.  However, this usage is
         deprecated.
       operationId: bind
+      deprecated: true
       parameters:
         - in: body
           name: body
@@ -221,6 +223,7 @@ paths:
         through to the client requesting an unbind through a homeserver, if the
         homeserver is acting on behalf of a client.
       operationId: unbind
+      deprecated: true
       parameters:
         - in: body
           name: body
diff --git a/api/identity/email_associations.yaml b/api/identity/email_associations.yaml
index 38186432..6ac28cd0 100644
--- a/api/identity/email_associations.yaml
+++ b/api/identity/email_associations.yaml
@@ -46,6 +46,7 @@ paths:
         ``application/x-form-www-urlencoded`` data.  However, this usage is
         deprecated.
       operationId: emailRequestToken
+      deprecated: true
       parameters:
         - in: body
           name: body
@@ -92,6 +93,7 @@ paths:
         ``application/x-form-www-urlencoded`` data.  However, this usage is
         deprecated.
       operationId: emailSubmitTokenPost
+      deprecated: true
       parameters:
         - in: body
           name: body
@@ -142,6 +144,7 @@ paths:
         Note that, in contrast with the POST version, this endpoint will be
         used by end-users, and so the response should be human-readable.
       operationId: emailSubmitTokenGet
+      deprecated: true
       parameters:
         - in: query
           type: string
diff --git a/api/identity/invitation_signing.yaml b/api/identity/invitation_signing.yaml
index 4e10e2b5..e2ac28b0 100644
--- a/api/identity/invitation_signing.yaml
+++ b/api/identity/invitation_signing.yaml
@@ -33,6 +33,7 @@ paths:
         The identity server will look up ``token`` which was stored in a call
         to ``store-invite``, and fetch the sender of the invite.
       operationId: blindlySignStuff
+      deprecated: true
       parameters:
         - in: body
           name: body
diff --git a/api/identity/lookup.yaml b/api/identity/lookup.yaml
index fd50f94b..166b0962 100644
--- a/api/identity/lookup.yaml
+++ b/api/identity/lookup.yaml
@@ -32,6 +32,7 @@ paths:
       summary: Look up the Matrix user ID for a 3pid.
       description: Look up the Matrix user ID for a 3pid.
       operationId: lookupUser
+      deprecated: true
       parameters:
         - in: query
           type: string
@@ -101,6 +102,7 @@ paths:
       summary: Lookup Matrix user IDs for a list of 3pids.
       description: Lookup Matrix user IDs for a list of 3pids.
       operationId: lookupUsers
+      deprecated: true
       parameters:
         - in: body
           name: body
diff --git a/api/identity/phone_associations.yaml b/api/identity/phone_associations.yaml
index b9933f1a..28312a4d 100644
--- a/api/identity/phone_associations.yaml
+++ b/api/identity/phone_associations.yaml
@@ -46,6 +46,7 @@ paths:
         ``application/x-form-www-urlencoded`` data. However, this usage is
         deprecated.
       operationId: msisdnRequestToken
+      deprecated: true
       parameters:
         - in: body
           name: body
@@ -94,6 +95,7 @@ paths:
         ``application/x-form-www-urlencoded`` data. However, this usage is
         deprecated.
       operationId: msisdnSubmitTokenPost
+      deprecated: true
       parameters:
         - in: body
           name: body
@@ -144,6 +146,7 @@ paths:
         Note that, in contrast with the POST version, this endpoint will be
         used by end-users, and so the response should be human-readable.
       operationId: msisdnSubmitTokenGet
+      deprecated: true
       parameters:
         - in: query
           type: string
diff --git a/api/identity/ping.yaml b/api/identity/ping.yaml
index 05e12a87..d7249a77 100644
--- a/api/identity/ping.yaml
+++ b/api/identity/ping.yaml
@@ -36,6 +36,7 @@ paths:
         This is primarly used for auto-discovery and health check purposes
         by entities acting as a client for the identity server.
       operationId: ping
+      deprecated: true
       responses:
         200:
           description: An identity server is ready to serve requests.
diff --git a/api/identity/pubkey.yaml b/api/identity/pubkey.yaml
index e657c61c..a585e7ec 100644
--- a/api/identity/pubkey.yaml
+++ b/api/identity/pubkey.yaml
@@ -30,6 +30,7 @@ paths:
       description: |-
         Get the public key for the passed key ID.
       operationId: getPubKey
+      deprecated: true
       parameters:
         - in: path
           type: string
@@ -72,6 +73,7 @@ paths:
         Check whether a long-term public key is valid. The response should always
         be the same, provided the key exists.
       operationId: isPubKeyValid
+      deprecated: true
       parameters:
         - in: query
           type: string
@@ -101,6 +103,7 @@ paths:
       description: |-
         Check whether a short-term public key is valid.
       operationId: isEphemeralPubKeyValid
+      deprecated: true
       parameters:
         - in: query
           type: string
diff --git a/api/identity/store_invite.yaml b/api/identity/store_invite.yaml
index bca78d7e..4a5d525d 100644
--- a/api/identity/store_invite.yaml
+++ b/api/identity/store_invite.yaml
@@ -55,6 +55,7 @@ paths:
         server's ability. Identity servers may use these variables when notifying
         the ``address`` of the pending invite for display purposes.
       operationId: storeInvite
+      deprecated: true
       parameters:
         - in: body
           name: body