Raise a GDPR Request
About
The createGdprRequest mutation raises a new GDPR data request for the authenticated customer. A new request is created with status pending and is tied to the logged-in customer. The result carries a one-time successMessage confirming the request was raised.
Authentication
This mutation requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.
GDPR must be enabled
If GDPR data requests are disabled in the store's admin configuration, the mutation fails with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." in errors[]. The feature has been turned off on the admin side.
Input Fields
| Field | Type | Required | Description |
|---|---|---|---|
type | String! | ✅ Yes | Request type — delete (delete account data) or update (update personal data). |
message | String! | ✅ Yes | A message describing what the customer is requesting. |
Possible Returns
| Field | Type | Description |
|---|---|---|
gdprRequest._id | Int! | Numeric request ID. |
gdprRequest.type | String! | Request type: delete or update. |
gdprRequest.status | String! | Request status — pending for a freshly raised request. |
gdprRequest.message | String | The message supplied in the request. |
gdprRequest.email | String! | Email address tied to the request. |
gdprRequest.revokedAt | DateTime | Timestamp when the request was revoked, or null. |
gdprRequest.createdAt | DateTime! | Request creation timestamp. |
gdprRequest.updatedAt | DateTime! | Request last update timestamp. |
gdprRequest.successMessage | String | Confirmation message — present on create / revoke / delete results. |
gdprRequest.customer | Customer! | The customer who owns the request. |
gdprRequest.customer._id | Int! | Numeric customer ID of the owner. |

