Update GDPR Request
| Endpoint | Method |
|---|---|
/api/admin/customers/gdpr-requests/{id} | PUT |
Pure metadata write — no side effects
For pending → processing / pending → declined use this endpoint. For the destructive cascade (delete customer when type=delete), use Process GDPR Request.
Allowed status values: pending, processing, declined, approved, revoked. Invalid → 422. Fires customer.gdpr-request.update.before/after + customer.account.gdpr-request.update.after so the StatusUpdateNotification email listener still fires.
Permission: customers.gdpr_requests.edit.