Skip to content

List GDPR Requests

Retrieve a paginated list of the authenticated customer's own GDPR data requests. Requests are always scoped to the logged-in customer — a customer can never see another customer's requests. Results are ordered newest first by default.

Endpoint

GET /api/shop/gdpr-requests

Authentication

This endpoint requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.

GDPR must be enabled

If GDPR data requests are disabled in the store's admin configuration, the endpoint returns HTTP 400 with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." The feature has been turned off on the admin side.

Request Headers

HeaderRequiredDescription
Content-TypeYesapplication/json
X-STOREFRONT-KEYYesYour storefront API key
AuthorizationYesBearer token (customer login required)

Query Parameters

ParameterTypeDefaultDescription
sortstringidSort column: id or created_at.
orderstringdescSort direction: asc or desc.
pageinteger1Page number.
per_pageinteger10Items per page.

Response Fields (200 OK)

The response is a { data, meta } envelope. Each item in data is a GDPR request object.

FieldTypeDescription
data[].idintegerRequest ID.
data[].typestringRequest type: delete or update.
data[].statusstringRequest status: pending, processing, declined, approved, revoked.
data[].messagestringThe customer's message describing the request.
data[].emailstringEmail address tied to the request.
data[].revokedAtstringISO 8601 timestamp when revoked, or null.
data[].createdAtstringISO 8601 creation timestamp.
data[].updatedAtstringISO 8601 last update timestamp.
data[].customerobjectThe customer who owns the request.
data[].customer._idintegerNumeric customer ID of the owner.
metaobjectPagination metadata (currentPage, perPage, lastPage, total, from, to).

Empty Collection

When the customer has no requests, data is an empty array:

json
{
  "data": [],
  "meta": {
    "currentPage": 1,
    "perPage": 10,
    "lastPage": 1,
    "total": 0,
    "from": null,
    "to": null
  }
}

Status Codes

StatusMeaning
200 OKRequests returned.
400 Bad RequestGDPR is disabled in the store's admin configuration.
401 UnauthorizedMissing or invalid customer Bearer token.
403 ForbiddenMissing or invalid storefront key.

Released under the MIT License.