Skip to content

Revoke a GDPR Request

Withdraw a GDPR data request the customer raised earlier. Revoking sets the request's status to revoked and stamps revokedAt. A request can only be revoked while it is still pending or processing — once it has been declined or approved it can no longer be revoked. The response carries a one-time successMessage.

Endpoint

POST /api/shop/gdpr-requests/{id}/revoke

Send an empty request body.

Authentication

This endpoint requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.

GDPR must be enabled

If GDPR data requests are disabled in the store's admin configuration, the endpoint returns HTTP 400 with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." The feature has been turned off on the admin side.

Request Headers

HeaderRequiredDescription
Content-TypeYesapplication/json
X-STOREFRONT-KEYYesYour storefront API key
AuthorizationYesBearer token (customer login required)

Path Parameters

ParameterTypeRequiredDescription
idintegerYesThe request ID to revoke.

Response Fields (200 OK)

FieldTypeDescription
idintegerRequest ID.
typestringRequest type: delete or update.
statusstringRequest status — revoked after a successful revoke.
messagestringThe message supplied in the request.
emailstringEmail address tied to the request.
revokedAtstringISO 8601 timestamp when the request was revoked.
createdAtstringISO 8601 creation timestamp.
updatedAtstringISO 8601 last update timestamp.
successMessagestringConfirmation message — present on create / revoke / delete results.
customerobjectThe customer who owns the request.
customer._idintegerNumeric customer ID of the owner.

Status Codes

StatusMeaning
200 OKRequest revoked.
400 Bad RequestGDPR is disabled in the store's admin configuration.
401 UnauthorizedMissing or invalid customer Bearer token.
403 ForbiddenMissing or invalid storefront key.
404 Not FoundThe request does not exist or is not owned by the customer.
422 Unprocessable EntityThe request is not in a pending or processing state.

Released under the MIT License.