adyen-openapi/yaml/DataProtectionService-v1.yaml

openapi: 3.1.0
servers:
- url: https://ca-test.adyen.com/ca/services/DataProtectionService/v1
info:
  version: '1'
  x-publicVersion: true
  title: Adyen Data Protection API
  description: 'Adyen Data Protection API provides a way for you to process [Subject
    Erasure Requests](https://gdpr-info.eu/art-17-gdpr/) as mandated in GDPR.


    Use our API to submit a request to delete shopper''s data, including payment details
    and other related information (for example, delivery address or shopper email).##
    Authentication

    Each request to the Data Protection API must be signed with an API key. Get your
    API Key from your Customer Area, as described in [How to get the API key](https://docs.adyen.com/development-resources/api-credentials#generate-api-key).
    Then set this key to the `X-API-Key` header value, for example:


    ```

    curl

    -H "Content-Type: application/json" \

    -H "X-API-Key: Your_API_key" \

    ...

    ```

    Note that when going live, you need to generate a new API Key to access the [live
    endpoints](https://docs.adyen.com/development-resources/live-endpoints).


    ## Versioning

    Data Protection Service API supports [versioning](https://docs.adyen.com/development-resources/versioning)
    using a version suffix in the endpoint URL. This suffix has the following format:
    "vXX", where XX is the version number.


    For example:

    ```

    https://ca-test.adyen.com/ca/services/DataProtectionService/v1/requestSubjectErasure

    ```'
  x-timestamp: '2022-12-29T13:27:30Z'
  termsOfService: https://www.adyen.com/legal/terms-and-conditions
  contact:
    name: Adyen Developer Experience team
    url: https://www.adyen.help/hc/en-us/community/topics
    email: developer-experience@adyen.com
x-groups:
- General
tags:
- name: General
paths:
  /requestSubjectErasure:
    post:
      tags:
      - General
      summary: Submit a Subject Erasure Request.
      description: Sends the PSP reference containing the shopper data that should
        be deleted.
      operationId: post-requestSubjectErasure
      x-groupName: General
      x-sortIndex: 0
      x-methodName: submitSubjectErasureRequest
      security:
      - BasicAuth: []
      - ApiKeyAuth: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SubjectErasureByPspReferenceRequest'
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SubjectErasureResponse'
          description: OK - the request has succeeded.
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceError'
          description: Bad Request - a problem reading or understanding the request.
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceError'
          description: Unauthorized - authentication required.
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceError'
          description: Forbidden - insufficient permissions to process the request.
        '422':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceError'
          description: Unprocessable Entity - a request validation error.
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceError'
          description: Internal Server Error - the server could not process the request.
components:
  schemas:
    ServiceError:
      properties:
        errorCode:
          description: The error code mapped to the error message.
          type: string
        errorType:
          description: The category of the error.
          type: string
        message:
          description: A short explanation of the issue.
          type: string
        pspReference:
          description: The PSP reference of the payment.
          type: string
        status:
          description: The HTTP response status.
          format: int32
          type: integer
    SubjectErasureByPspReferenceRequest:
      properties:
        forceErasure:
          description: Set this to **true** if you want to delete shopper-related
            data, even if the shopper has an existing recurring transaction. This
            only deletes the shopper-related data for the specific payment, but does
            not cancel the existing recurring transaction.
          type: boolean
        merchantAccount:
          description: Your merchant account
          type: string
        pspReference:
          description: The PSP reference of the payment. We will delete all shopper-related
            data for this payment.
          type: string
    SubjectErasureResponse:
      properties:
        result:
          description: The result of this operation.
          enum:
          - ACTIVE_RECURRING_TOKEN_EXISTS
          - ALREADY_PROCESSED
          - PAYMENT_NOT_FOUND
          - SUCCESS
          type: string
  securitySchemes:
    ApiKeyAuth:
      in: header
      name: X-API-Key
      type: apiKey
    BasicAuth:
      scheme: basic
      type: http
  examples: {}