Skip to content

Delete a GDPR Request

Remove a GDPR data request record owned by the authenticated customer. On success the endpoint returns HTTP 204 No Content with an empty body. A customer can only delete their own requests.

Endpoint

DELETE /api/shop/gdpr-requests/{id}

Authentication

This endpoint requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.

GDPR must be enabled

If GDPR data requests are disabled in the store's admin configuration, the endpoint returns HTTP 400 with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." The feature has been turned off on the admin side.

Request Headers

HeaderRequiredDescription
Content-TypeYesapplication/json
X-STOREFRONT-KEYYesYour storefront API key
AuthorizationYesBearer token (customer login required)

Path Parameters

ParameterTypeRequiredDescription
idintegerYesThe request ID to delete.

Response (204 No Content)

A successful delete returns HTTP 204 with no response body.

Status Codes

StatusMeaning
204 No ContentRequest deleted.
400 Bad RequestGDPR is disabled in the store's admin configuration.
401 UnauthorizedMissing or invalid customer Bearer token.
403 ForbiddenMissing or invalid storefront key.
404 Not FoundThe request does not exist or is not owned by the customer.

Released under the MIT License.