openapi: 3.0.0 info: title: VTex Data Subject Rights API - PII data architecture description: ">❗ This API is currently in closed alpha testing stage, which means that only specific customers can access it now. Do not share this documentation with people outside of your company. If you do not have access yet, please refer to the [Erasing customer data](https://help.vtex.com/en/tutorial/erasing-customer-data--1R9Fn7A06Ifj4R9YD4JTKU) guide instead.\r\n\r\n>⚠️ The **Data Subject Rights API - PII data architecture** is only compatible with stores using the PII data architecture from [Data Protection Plus](https://developers.vtex.com/docs/guides/data-protection-plus), which is in closed beta phase, only available in select regions.\r\n>\r\n> This feature is part of [VTEX Shield](https://help.vtex.com/en/tutorial/vtex-shield--2CVk6H9eY2CBtHjtDI7BFh). If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact [Commercial Support](https://help.vtex.com/en/tracks/support-at-vtex--4AXsGdGHqExp9ZkiNq9eMy/3KQWGgkPOwbFTPfBxL7YwZ). Additional fees may apply. If you are not yet a customer but are interested in this solution, please complete our [contact form](https://vtex.com/us-en/contact/).\r\n\r\nAccording to data protection policies, such as [GDPR and LGPD](https://vtex.com/us-en/privacy-and-agreements/vtex-commitment/), companies using customer personal data are required to delete collected information upon the customer's request.\r\n\r\nData Subject Rights API allows stores using the [PII data architecture](https://developers.vtex.com/docs/guides/pii-data-architecture-specifications) from [Data Protection Plus](https://developers.vtex.com/docs/guides/data-protection-plus) to erase user data collected by Checkout, Orders, VTEX ID and Profile System, without depending on the VTEX Support flow described in the [Erasing customer data](https://help.vtex.com/en/tutorial/erasing-customer-data--1R9Fn7A06Ifj4R9YD4JTKU) guide.\r\n\r\n## Index\r\n\r\n- `POST` [Erase customer data](https://developers.vtex.com/docs/api-reference/user-data-rights-api#post-/api/user-rights/createAndProcessDeleteUserData)" version: '1.0' servers: - url: http://api.vtex.com description: VTEX server URL. paths: /api/user-rights/createAndProcessDeleteUserData: post: tags: - Data Subject Rights summary: VTex Erase customer data description: "Deletes a given customer's data collected in your store by Checkout, Orders, VTEX ID and Profile System.\r\n\r\n> Only orders with `invoiced` or `canceled` status are erased in this request.\r\n\r\n>❗ This API is currently in closed alpha testing stage, which means that only specific customers can access it now. Do not share this documentation with people outside of your company. If you do not have access yet, please refer to the [Erasing customer data](https://help.vtex.com/en/tutorial/erasing-customer-data--1R9Fn7A06Ifj4R9YD4JTKU) guide instead.\r\n\r\n>⚠️ This endpoint is only compatible with stores using the PII data architecture from [Data Protection Plus](https://developers.vtex.com/docs/guides/data-protection-plus), which is in closed beta phase, only available in select regions.\r\n>\r\n> This feature is part of [VTEX Shield](https://help.vtex.com/en/tutorial/vtex-shield--2CVk6H9eY2CBtHjtDI7BFh). If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact [Commercial Support](https://help.vtex.com/en/tracks/support-at-vtex--4AXsGdGHqExp9ZkiNq9eMy/3KQWGgkPOwbFTPfBxL7YwZ). Additional fees may apply. If you are not yet a customer but are interested in this solution, please complete our [contact form](https://vtex.com/us-en/contact/).\r\n\r\n## Permissions\r\n\r\nAny user or [application key](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys) must have at least one of the appropriate [License Manager resources](https://help.vtex.com/en/tutorial/license-manager-resources--3q6ztrC8YynQf6rdc6euk3) to be able to successfully run this request. Otherwise they will receive a status code `403` error. These are the applicable resources for this endpoint:\r\n\r\n| **Product** | **Category** | **Resource** |\r\n| --------------- | ----------------- | ----------------- |\r\n| User Rights | user-rights-request | **Write user rights requests** |\r\n\r\nThere are no applicable [predefined roles](https://help.vtex.com/en/tutorial/predefined-roles--jGDurZKJHvHJS13LnO7Dy) for this resource list. You must [create a custom role](https://help.vtex.com/en/tutorial/roles--7HKK5Uau2H6wxE1rH5oRbc#creating-a-role) and add at least one of the resources above in order to use this endpoint. To learn more about machine authentication at VTEX, see [Authentication overview](https://developers.vtex.com/docs/guides/authentication).\r\n\r\n>❗ To prevent integrations from having excessive permissions, consider the [best practices for managing app keys](https://help.vtex.com/en/tutorial/best-practices-application-keys--7b6nD1VMHa49aI5brlOvJm) when assigning License Manager roles to integrations." parameters: - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/an' requestBody: content: application/json: schema: type: object properties: email: type: string description: Email of the client whose data will be deleted. example: john@mail.com responses: '200': description: OK content: application/json: schema: type: object properties: uuid: type: string description: User data rights request unique identifier in [UUID](https://www.uuidtools.com/what-is-uuid) format. requestType: type: string description: Type of user data rights request. email: type: string description: Client email. status: type: string description: Status of the user data rights request. dataResponse: type: string description: Escaped JSON containing information about the status of data deletion on each VTEX system that stores client data. requestTime: type: string description: Date of the user data rights request in [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html)format. applications: type: array description: Array containing an object for each VTEX application that stores client data. items: type: object description: Object containing information about user data status in each VTEX application that stores client data. properties: application: type: string description: Abbreviated name of the application, which can be `chk` (Checkout), `orders` (Order Management System), `profileSystemV2` (PII Profile System) or `vid` (VTEX ID). status: type: string description: "Status of client data in the given application. The possible values are:\n\r- `Completed` - Processing completed successfully.\n\r- `Error` - An unexpected error occurred during the process. You must make a new request.\n\r- `PendingCheck` - Pending validation. Unable to perform validation on one or more services.\n\r- `Blocked` - Pending validation. One or more services are unable to fulfill the deletion request. You need to wait and make a new request in the future.\n\r- `PendingDeletion` - It was not possible to delete data in one or more services. You must make a new request." errorDetail: type: string description: In case of error, this field contains an explanatory error message. Otherwise, this field is an empty string. updateAt: type: string description: Date of the latest update in client data in the given application, in UTC format. example: uuid: 3e2f53dc-b099-4dc8-9727-581b2a97f39c requestType: Removal email: pedido2@vtexchallenge.com status: Completed dataResponse: "{\r\n \"VTEX Checkout\": [],\r\n \"orders\": {\r\n \"dataStatus\": {\r\n \"status\": \"anonymized\",\r\n \"reason\": \"Sensitive information was anonymized rather than deleted to preserve the store metrics.\",\r\n \"evidence\": \"Anonymized [0] orders\",\r\n \"dryRun\": true\r\n },\r\n \"orders\": []\r\n },\r\n \"Profile System PII API\": {},\r\n \"VTEX ID\": {\r\n \"type\": \"https://tools.ietf.org/html/rfc7231#section-6.5.4\",\r\n \"title\": \"Not Found\",\r\n \"status\": 404,\r\n \"traceId\": \"00-65d5abf9263b07eb185beee49e2075dc-b67b373e2e93dcf8-00\"\r\n }\r\n}" requestTime: '2023-09-05T17:19:33.1969022-03:00' applications: - application: chk status: Deleted errorDetail: '' updateAt: '2023-09-05T20:20:23' - application: orders status: Deleted errorDetail: '' updateAt: '2023-09-05T20:20:25' - application: profileSystemV2 status: Deleted errorDetail: '' updateAt: '2023-09-05T20:20:26' - application: vid status: Deleted errorDetail: '' updateAt: '2023-09-05T20:20:29' components: parameters: Content-Type: name: Content-Type in: header description: Type of the content being sent. required: true style: simple schema: type: string example: application/json Accept: name: Accept in: header description: HTTP Client Negotiation _Accept_ Header. Indicates the types of responses the client can understand. required: true style: simple schema: type: string example: application/json an: name: an in: query description: Name of your VTEX account. required: false style: form schema: type: string example: mystore securitySchemes: appKey: type: apiKey in: header name: X-VTEX-API-AppKey description: Unique identifier of the [application key](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys). appToken: type: apiKey in: header name: X-VTEX-API-AppToken description: Secret token of the [application key](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys). VtexIdclientAutCookie: type: apiKey in: header name: VtexIdclientAutCookie description: '[User token](https://developers.vtex.com/docs/guides/api-authentication-using-user-tokens), valid for 24 hours.' tags: - name: Data Subject Rights security: - appKey: [] appToken: [] - VtexIdclientAutCookie: []