Skip to content

Revoke a GDPR Request

About

The revokeGdprRequest mutation withdraws a GDPR data request the customer raised earlier. Revoking sets the request's status to revoked and stamps revokedAt. A request can only be revoked while it is still pending or processing — once it has been declined or approved it can no longer be revoked. The result carries a one-time successMessage.

Authentication

This mutation requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.

GDPR must be enabled

If GDPR data requests are disabled in the store's admin configuration, the mutation fails with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." in errors[]. The feature has been turned off on the admin side.

Input Fields

FieldTypeRequiredDescription
idID!✅ YesThe request IRI, e.g. /api/shop/gdpr-requests/12.

Possible Returns

FieldTypeDescription
gdprRequest._idInt!Numeric request ID.
gdprRequest.typeString!Request type: delete or update.
gdprRequest.statusString!Request status — revoked after a successful revoke.
gdprRequest.messageStringThe message supplied in the request.
gdprRequest.emailString!Email address tied to the request.
gdprRequest.revokedAtDateTimeTimestamp when the request was revoked.
gdprRequest.createdAtDateTime!Request creation timestamp.
gdprRequest.updatedAtDateTime!Request last update timestamp.
gdprRequest.successMessageStringConfirmation message — present on create / revoke / delete results.
gdprRequest.customerCustomer!The customer who owns the request.
gdprRequest.customer._idInt!Numeric customer ID of the owner.

Released under the MIT License.