View GDPR Request
Retrieve a single GDPR data request owned by the authenticated customer. If the request does not exist or belongs to a different customer, the endpoint returns HTTP 404 — a customer can only view their own requests.
Endpoint
GET /api/shop/gdpr-requests/{id}Authentication
This endpoint requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.
GDPR must be enabled
If GDPR data requests are disabled in the store's admin configuration, the endpoint returns HTTP 400 with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." The feature has been turned off on the admin side.
Request Headers
| Header | Required | Description |
|---|---|---|
Content-Type | Yes | application/json |
X-STOREFRONT-KEY | Yes | Your storefront API key |
Authorization | Yes | Bearer token (customer login required) |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | The request ID. |
Response Fields (200 OK)
| Field | Type | Description |
|---|---|---|
id | integer | Request ID. |
type | string | Request type: delete or update. |
status | string | Request status: pending, processing, declined, approved, revoked. |
message | string | The customer's message describing the request. |
email | string | Email address tied to the request. |
revokedAt | string | ISO 8601 timestamp when revoked, or null. |
createdAt | string | ISO 8601 creation timestamp. |
updatedAt | string | ISO 8601 last update timestamp. |
customer | object | The customer who owns the request. |
customer._id | integer | Numeric customer ID of the owner. |
Status Codes
| Status | Meaning |
|---|---|
200 OK | Request returned. |
400 Bad Request | GDPR is disabled in the store's admin configuration. |
401 Unauthorized | Missing or invalid customer Bearer token. |
403 Forbidden | Missing or invalid storefront key. |
404 Not Found | The request does not exist or is not owned by the customer. |

