Developer-resource icon

Data Protection API

Use our API to comply with GDPR's right to erasure mandate.

Our Data Protection API allows you to process Subject Erasure Requests as mandated in General Data Protection Regulation (GDPR).

Use our API to submit a request to delete a shopper's data, including payment details and other shopper-related information, for example, delivery address or shopper email.

Submit a Subject Erasure Request

  1. Send a POST /requestSubjectErasure request, specifying:

    Parameter Required Description
    merchantAccount -white_check_mark- Your merchant account.
    pspReference -white_check_mark- The PSP reference of the original payment authorisation. We will delete all shopper-related data for this payment.
    forceErasure Set this to true if you want to delete shopper-related data, even if the shopper has an existing recurring transaction. This only deletes the shopper-related data for the specific payment, but does not cancel the existing recurring transaction.
  2. In the response, check the result value.

    {
      "result": "SUCCESS"
    }

    Possible result values are:

    • SUCCESS: the request has been received, and will be processed asynchronously.
    • ACTIVE_RECURRING_TOKEN_EXISTS: data cannot be deleted because a recurring transaction is associated with the shopper's payment details. If you want to proceed with deleting shopper data, include forceErasure: true in your request.
    • PAYMENT_NOT_FOUND: the PSP reference doesn't exist.
    • ALREADY_PROCESSED: we have already received a request for the same PSP reference.

    After we receive your request, we will delete transaction data in accordance with the Merchant Agreement and redact shopper-related data from the Customer Area.

  3. Optional. To verify that the data has been redacted, check the payment in your Customer Area. The shopper data fields are shown as REDACTED, and the redaction date is shown in the Data Protection section.

To switch to live, change the domain to ca-live.adyen.com.