Delete a GDPR Request
About
The deleteGdprRequest mutation removes a GDPR data request record owned by the authenticated customer. The mutation returns a snapshot of the deleted request — its _id and a one-time successMessage — so the client can confirm the removal. A customer can only delete their own requests.
Authentication
This mutation requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.
GDPR must be enabled
If GDPR data requests are disabled in the store's admin configuration, the mutation fails with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." in errors[]. The feature has been turned off on the admin side.
Input Fields
| Field | Type | Required | Description |
|---|---|---|---|
id | ID! | ✅ Yes | The request IRI, e.g. /api/shop/gdpr-requests/12. |
Possible Returns
| Field | Type | Description |
|---|---|---|
gdprRequest._id | Int! | Numeric ID of the deleted request. |
gdprRequest.successMessage | String | Confirmation message — present on create / revoke / delete results. |

