--- title: "Data Protection API" description: "Use our API to comply with GDPR's right to erasure mandate." url: "https://docs.adyen.com/development-resources/data-protection-api" source_url: "https://docs.adyen.com/development-resources/data-protection-api.md" canonical: "https://docs.adyen.com/development-resources/data-protection-api" last_modified: "2023-05-31T19:51:00+02:00" language: "en" --- # Data Protection API Use our API to comply with GDPR's right to erasure mandate. [View source](/development-resources/data-protection-api.md) Our Data Protection API allows you to process [Subject Erasure Requests](https://gdpr-info.eu/art-17-gdpr/) as mandated in General Data Protection Regulation (GDPR). Use our API to submit a request to delete a shopper's data, including payment details and other shopper-related information, for example, delivery address or shopper email. ## Submit a Subject Erasure Request 1. Send a POST `/requestSubjectErasure` request, specifying: | Parameter | Required | Description | | ----------------- | ------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `merchantAccount` | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | Your merchant account. | | `pspReference` | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The PSP reference of the original payment authorisation. We will delete all shopper-related data for this payment. | | `forceErasure` | | Set this to **true** if you want to delete shopper-related data, even if the shopper has an existing recurring transaction. This only deletes the shopper-related data for the specific payment, but does not cancel the existing recurring transaction. | ```bash curl https://ca-test.adyen.com/ca/services/DataProtectionService/v1/requestSubjectErasure \ -H 'x-api-key: ADYEN_API_KEY' \ -H 'content-type: application/json' \ -d '{ "merchantAccount":"YOUR_MERCHANT_ACCOUNT", "pspReference":"9915520502347613", "forceErasure": true }' ``` 2. In the response, check the `result` value. ```json { "result": "SUCCESS" } ``` Possible `result` values are: * **SUCCESS**: the request has been received, and will be processed asynchronously. * **ACTIVE\_RECURRING\_TOKEN\_EXISTS**: data cannot be deleted because a recurring transaction is associated with the shopper's payment details. If you want to proceed with deleting shopper data, include `forceErasure`: **true** in your request. * **PAYMENT\_NOT\_FOUND**: the PSP reference doesn't exist. * **ALREADY\_PROCESSED**: we have already received a request for the same PSP reference. After we receive your request, we will delete transaction data in accordance with the Merchant Agreement and redact shopper-related data from the [Customer Area](https://ca-test.adyen.com/). 3. Optional. To verify that the data has been redacted, check the payment in your [Customer Area](https://ca-test.adyen.com/). The shopper data fields are shown as *REDACTED*, and the redaction date is shown in the **Data Protection** section. To switch to live, change the domain to `ca-live.adyen.com`.