Skip to content

View GDPR Request

Retrieve a single GDPR data request owned by the authenticated customer. If the request does not exist or belongs to a different customer, the endpoint returns HTTP 404 — a customer can only view their own requests.

Endpoint

GET /api/shop/gdpr-requests/{id}

Authentication

This endpoint requires an authenticated customer — send the storefront key and a customer Bearer token. See the Authentication page.

GDPR must be enabled

If GDPR data requests are disabled in the store's admin configuration, the endpoint returns HTTP 400 with the message "GDPR data requests are disabled. Please enable GDPR from the admin configuration." The feature has been turned off on the admin side.

Request Headers

HeaderRequiredDescription
Content-TypeYesapplication/json
X-STOREFRONT-KEYYesYour storefront API key
AuthorizationYesBearer token (customer login required)

Path Parameters

ParameterTypeRequiredDescription
idintegerYesThe request ID.

Response Fields (200 OK)

FieldTypeDescription
idintegerRequest ID.
typestringRequest type: delete or update.
statusstringRequest status: pending, processing, declined, approved, revoked.
messagestringThe customer's message describing the request.
emailstringEmail address tied to the request.
revokedAtstringISO 8601 timestamp when revoked, or null.
createdAtstringISO 8601 creation timestamp.
updatedAtstringISO 8601 last update timestamp.
customerobjectThe customer who owns the request.
customer._idintegerNumeric customer ID of the owner.

Status Codes

StatusMeaning
200 OKRequest returned.
400 Bad RequestGDPR is disabled in the store's admin configuration.
401 UnauthorizedMissing or invalid customer Bearer token.
403 ForbiddenMissing or invalid storefront key.
404 Not FoundThe request does not exist or is not owned by the customer.

Released under the MIT License.