Are you looking for test card numbers?

Would you like to contact support?

Developer-resource icon

Data Protection API

Use our API to comply with GDPR's right to erasure mandate.

Our Data Protection API allows you to process Subject Erasure Requests as mandated in General Data Protection Regulation (GDPR).

Use our API to submit a request to delete a shopper's data, including payment details and other shopper-related information, for example, delivery address or shopper email.

Before you begin

  1. Make sure that your API credential has the Data Protection API role. If you need to enable this role, contact our Support Team.
  2. Get your API Key.

Submit a Subject Erasure Request

Send a POST /requestSubjectErasure request, specifying:

  • merchantAccount: Your merchant account.
  • pspReference: The PSP reference of the payment. We will delete all shopper-related data for this payment.
  • forceErasure: Optional. Set this to true if you want to delete shopper-related data, even if the shopper has an existing recurring transaction. This only deletes the shopper-related data for the specific payment, but does not cancel the existing recurring transaction.
curl \
-H "x-API-key: YOUR_X-API-KEY" \
-H "content-type: application/json" \
-d '{
  "forceErasure": true

In the response you receive:

    "result": "SUCCESS"

Possible result values are:

  • SUCCESS: The request has been received, and will be processed asynchronously.
  • ACTIVE_RECURRING_TOKEN_EXISTS: Data cannot be deleted because a recurring transaction is associated with the shopper's payment details. If you want to proceed with deleting shopper data, include forceErasure: true in your request.
  • PAYMENT_NOT_FOUND The PSP reference does not exist.
  • ALREADY_PROCESSED: We have already received a request for the same PSP reference.

After we receive your request, we will delete transaction data in accordance with the Merchant Agreement and redact shopper-related data from the Customer Area.

If you want to confirm that the data has been redacted, check the payment in your Customer Area. The shopper data fields will be shown as REDACTED, and the redaction date will be shown in the Data Protection section.

To switch to live, change the domain to