Delete a GDPR Request
Remove a GDPR data request record owned by the authenticated customer. On success the endpoint returns HTTP 204 No Content with an empty body. A customer can only delete their own requests.
Endpoint
DELETE /api/shop/gdpr-requests/{id}Authentication
This endpoint requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.
GDPR must be enabled
If GDPR data requests are disabled in the store's admin configuration, the endpoint returns HTTP 400 with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." The feature has been turned off on the admin side.
Request Headers
| Header | Required | Description |
|---|---|---|
Content-Type | Yes | application/json |
X-STOREFRONT-KEY | Yes | Your storefront API key |
Authorization | Yes | Bearer token (customer login required) |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | The request ID to delete. |
Response (204 No Content)
A successful delete returns HTTP 204 with no response body.
Status Codes
| Status | Meaning |
|---|---|
204 No Content | Request deleted. |
400 Bad Request | GDPR is disabled in the store's admin configuration. |
401 Unauthorized | Missing or invalid customer Bearer token. |
403 Forbidden | Missing or invalid storefront key. |
404 Not Found | The request does not exist or is not owned by the customer. |

