> ## Documentation Index
> Fetch the complete documentation index at: https://moengage-sdk-docs.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Submit a GDPR/CCPA Data Request

> GDPR / CCPA API ensures all the rights of users are created or updated for GDPR / CCPA compliance. You can erase the personal data of specific users as defined under GDPR using the Erase API.

For more details on GDPR Compliance with MoEngage, refer to [GDPR-Implementation](https://help.moengage.com/hc/en-us/articles/360000878126-GDPR).

For more details on CCPA Compliance with MoEngage, refer to [CCPA-Implementation](https://help.moengage.com/hc/en-us/articles/360052917232-CCPA).

<Note>
The APP_ID for your MoEngage account is available on the MoEngage Dashboard in **Settings** > **Account** > **APIs** > **Workspace ID** (earlier app id).
</Note>


### Rate Limit

The maximum limit per request is **100 KB**. The maximum payload size is **128 KB**.

<Warning>
  **Important Note on Deletion:** Multiple users **cannot** be deleted using this API in a single payload. If an email ID associated with multiple users is passed for an erasure request, **all** associated users will be deleted.
</Warning>


## OpenAPI

````yaml /api/gdpr-ccpa/gdpr-ccpa.yaml post /opengdpr_requests/{appId}
openapi: 3.0.3
info:
  title: MoEngage GDPR / CCPA API
  description: >
    API to create or update user rights for **GDPR** (General Data Protection
    Regulation) or **CCPA** (California Consumer Privacy Act) compliance,
    including the right to erase personal data.
  version: '1.0'
servers:
  - url: https://api-0{X}.moengage.com/v1
    description: MoEngage API Server
    variables:
      X:
        default: '1'
        description: >-
          Your MoEngage Data Center (DC) number. Refer to MoEngage docs for your
          correct DC.
security:
  - basicAuth: []
tags:
  - name: GDPR
    description: Manage user data requests for GDPR and CCPA compliance.
paths:
  /opengdpr_requests/{appId}:
    post:
      tags:
        - GDPR
      summary: Submit a GDPR/CCPA Data Request
      description: >
        GDPR / CCPA API ensures all the rights of users are created or updated
        for GDPR / CCPA compliance. You can erase the personal data of specific
        users as defined under GDPR using the Erase API.


        For more details on GDPR Compliance with MoEngage, refer to
        [GDPR-Implementation](https://help.moengage.com/hc/en-us/articles/360000878126-GDPR).


        For more details on CCPA Compliance with MoEngage, refer to
        [CCPA-Implementation](https://help.moengage.com/hc/en-us/articles/360052917232-CCPA).


        <Note>

        The APP_ID for your MoEngage account is available on the MoEngage
        Dashboard in **Settings** > **Account** > **APIs** > **Workspace ID**
        (earlier app id).

        </Note>
      operationId: submitGdprRequest
      parameters:
        - name: appId
          in: path
          required: true
          schema:
            type: string
          description: >
            This is your MoEngage account's Workspace ID that must be included
            in the request. You can find your Workspace ID in the following
            navigation on the dashboard: Revamped UI: **Settings** > **Account**
            > **APIs** > **Workspace ID**
          example: YOUR_WORKSPACE_ID_XXXX
        - name: Content-Type
          in: header
          required: true
          schema:
            type: string
          description: |
            Set the Content-Type header to application/json.
          example: application/json
      requestBody:
        description: >
          The GDPR/CCPA request payload, containing the type of request and the
          user identities. The maximum payload size is **100kb**.
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GdprRequest'
            example:
              request_type: erasure
              submitted_time: '2018-10-05T15:00:00Z'
              identities:
                - identity_type: email
                  identity_value: johndoe@example.com
              api_version: '1.0'
      responses:
        '200':
          description: >-
            Success. This response is returned when the request is processed
            successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprSuccessResponse'
              example:
                status: success
                message: Your request has been accepted and will be processed soon.
                request_id: a7551968-d5d6-44b2-9831-815ac9017798
        '400':
          description: >-
            Bad Request. This response is returned when the required parameters
            are missing from the request, attributes are not found, or incorrect
            values are passed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprError400Response'
        '401':
          description: >-
            Unauthorized. This response is returned when the request does not
            have valid authentication credentials.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprError401Response'
        '403':
          description: >-
            Account Blocked. This response is returned when your MoEngage
            account is suspended or blocked.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprError403Response'
        '413':
          description: >-
            Payload Size Exceeded. This response is returned when the payload
            size exceeds 128 KB.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprError413Response'
        '415':
          description: >-
            Unsupported Media Type. This response is returned when the content
            type is not supported.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprError415Response'
        '429':
          description: >-
            Rate Limit Breach. This response is returned when the number of
            requests has exceeded the rate limit.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprError429Response'
        '500':
          description: >-
            Internal Server Error. This response is returned when the system
            runs into an unexpected error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GdprError500Response'
      x-codeSamples:
        - lang: curl
          label: GDPR Erasure Request Example
          source: |
            curl --request POST \
              --url 'https://api-0{X}.moengage.com/v1/opengdpr_requests/{appId}' \
              --header 'Authorization: Basic Base64_ENCODED_APPKEY_APIKEY' \
              --header 'Content-Type: application/json' \
              --data '{
                "request_type": "erasure",
                "submitted_time": "2018-10-05T15:00:00Z",
                "identities": [
                  {
                    "identity_type": "email",
                    "identity_value": "johndoe@example.com"
                  }
                ],
                "api_version": "1.0"
              }'
        - lang: curl
          label: Customer Data Update Example
          source: >
            curl --location --request POST
            'https://api-0X.moengage.com/v1/customer/{{appId}}?app_id={{appId}}'
            \

            --header 'Content-Type: application/json' \

            --header 'Authorization: Basic Base64_ENCODED_APPKEY_APIKEY' \

            --data-raw '{
                "type": "customer",
                "customer_id": "123",
                "attributes": {
                  "name": "JohnDoe",
                  "first_name": "John",
                  "platforms": [
                    {
                      "platform": "iOS",
                      "active": true
                    }
                  ]
                }
            }'
components:
  schemas:
    GdprRequest:
      type: object
      required:
        - request_type
        - submitted_time
        - identities
        - api_version
      description: The main object representing a GDPR or CCPA compliance request.
      properties:
        request_type:
          type: string
          description: >-
            This is used to request for GDPR details or request to erase the
            GDPR details
          example: erasure
        submitted_time:
          type: string
          format: date-time
          description: This identifies the time when the request was sent.
          example: '2018-10-05T15:00:00Z'
        identities:
          type: array
          description: >-
            This provides the details of the user, such as email address, phone
            number, and so on.
          items:
            $ref: '#/components/schemas/UserIdentity'
        api_version:
          type: string
          description: This identifies the API version used to send the GDPR request.
          example: '1.0'
    GdprSuccessResponse:
      type: object
      description: Standard successful response object for a submitted GDPR request.
      properties:
        status:
          type: string
          example: success
        message:
          type: string
          description: A human-readable message confirming the request was accepted.
          example: Your request has been accepted and will be processed soon.
        request_id:
          type: string
          format: uuid
          description: A unique ID generated for the submitted request.
          example: a7551968-d5d6-44b2-9831-815ac9017798
    GdprError400Response:
      type: object
      description: >-
        This response is returned when the required parameters are missing from
        the request, attributes are not found, or incorrect values are passed.
      properties:
        status:
          type: string
          example: fail
        error:
          type: object
          description: Contains the error details.
          properties:
            attribute:
              type: string
              example: request type
            message:
              type: string
              description: >-
                A human-readable message confirming the request was not
                accepted.
              example: request_type is not found in the payload.
            type:
              type: string
              example: MissingAttributeError
            request_id:
              type: string
              example: zuMJjxAS
    GdprError401Response:
      type: object
      description: >-
        This response is returned when the request does not have valid
        authentication credentials.
      properties:
        status:
          type: string
          example: fail
        error:
          type: object
          description: Contains the error details.
          properties:
            message:
              type: string
              description: >-
                A human-readable message confirming the request was not
                accepted.
              example: No identity information found.
            type:
              type: string
              example: Authentication required
            request_id:
              type: string
              example: IzbhlLyG
    GdprError403Response:
      type: object
      description: >-
        This response is returned when your MoEngage account is suspended or
        blocked.
      properties:
        status:
          type: string
          example: fail
        error:
          type: object
          description: Contains the error details.
          properties:
            message:
              type: string
              description: >-
                A human-readable message confirming the request was not
                accepted.
              example: Your account is suspended. Please contact MoEngage team.
            type:
              type: string
              example: BlockedClient
            request_id:
              type: string
              example: ofHUEaEQ
    GdprError413Response:
      type: object
      description: This response is returned when the payload size exceeds 128 KB.
      properties:
        status:
          type: string
          example: fail
        error:
          type: object
          description: Contains the error details.
          properties:
            message:
              type: string
              description: >-
                A human-readable message confirming the request was not
                accepted.
              example: Payload can not exceed 128KB.
            type:
              type: string
              example: Payload too large
            request_id:
              type: string
              example: VFzDwhwt
    GdprError415Response:
      type: object
      description: This response is returned when the content type is not supported.
      properties:
        status:
          type: string
          example: fail
        error:
          type: object
          description: Contains the error details.
          properties:
            message:
              type: string
              description: >-
                A human-readable message confirming the request was not
                accepted.
              example: Content type is not supported
            type:
              type: string
              example: Unsupported media type
            request_id:
              type: string
              example: SgBQfKJh
    GdprError429Response:
      type: object
      description: >-
        This response is returned when the number of requests has exceeded the
        rate limit.
      properties:
        status:
          type: string
          example: fail
        error:
          type: object
          description: Contains the error details.
          properties:
            message:
              type: string
              description: >-
                A human-readable message confirming the request was not
                accepted.
              example: Rate limits for customers exceeded. Please Try After Some Time
            type:
              type: string
              example: Rate Limits Exceeded
            request_id:
              type: string
              example: onqucLYL
    GdprError500Response:
      type: object
      description: This response is returned when the system runs into an unexpected error.
      properties:
        status:
          type: string
          example: fail
        error:
          type: object
          description: Contains the error details.
          properties:
            message:
              type: string
              description: >-
                A human-readable message confirming the request was not
                accepted.
              example: >-
                An unexpected error was encountered while processing this
                request. Please contact MoEngage Team
            type:
              type: string
              example: Server Error
            request_id:
              type: string
              example: KovrwJiF
    UserIdentity:
      type: object
      description: An object representing a user's identity detail.
      properties:
        identity_type:
          type: string
          description: >-
            This field denotes the key based on which the user has to be
            deleted.
          enum:
            - id
            - user_secondary_id
            - email
            - mobile
            - google_advertising_id
            - advertising_identifier
          example: email
        identity_value:
          type: string
          description: This field denotes the value of the identity_type.
          example: johndoe@example.com
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
      description: >
        Erase API uses basic authentication to control access to your data.


        The API request will be authenticated through Basic Authentication.
        Basic Authentication sends a Base64-encoded string containing your
        username and password with every API request. It encodes a
        'username:password' string in Base64 and appends the encoded string with
        'Basic '. This string is included in the authorization header as shown
        below:


        `{"Authorization: Basic Base64_ENCODED_APPKEY_APIKEY=="}`


        You can obtain the username and password details from the MoEngage
        Dashboard.


        1. Navigate to **Settings** -> **Account** -> **APIs**.

        2. Click **Generate Key** in the **Data** tile in the **API Keys**
        section, and click **Save**.

        3. Use the **Workspace ID** as the username and the **Data API** Key as
        the password to generate the authentication header.

````