View GDPR Request
About
The gdprRequest query returns a single GDPR data request owned by the authenticated customer. If the request does not exist or belongs to a different customer, the query returns a not-found error — a customer can only view their own requests.
Authentication
This query requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.
GDPR must be enabled
If GDPR data requests are disabled in the store's admin configuration, the query fails with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." in errors[]. The feature has been turned off on the admin side.
Arguments
| Argument | Type | Required | Description |
|---|---|---|---|
id | ID! | ✅ Yes | The request IRI, e.g. /api/shop/gdpr-requests/12. |
Possible Returns
| Field | Type | Description |
|---|---|---|
_id | Int! | Numeric request ID. |
type | String! | Request type: delete or update. |
status | String! | Request status: pending, processing, declined, approved, revoked. |
message | String | The customer's message describing the request. |
email | String! | Email address tied to the request. |
revokedAt | DateTime | Timestamp when the request was revoked, or null. |
createdAt | DateTime! | Request creation timestamp. |
updatedAt | DateTime! | Request last update timestamp. |
customer | Customer! | The customer who owns the request. |
customer._id | Int! | Numeric customer ID of the owner. |

