Skip to main content

Endpoint

POST /v1/dpdp/data-principals/:principalId/erasure

Authentication

Requires a developer API key in the Authorization header.

Request Headers

HeaderValue
AuthorizationBearer <api_key>

Path Parameters

ParameterTypeRequiredDescription
principalIdstringYesThe data principal requesting erasure

Example Request

curl -X POST https://grantex-auth-dd4mtrt2gq-uc.a.run.app/v1/dpdp/data-principals/user_abc123/erasure \
  -H "Authorization: Bearer gx_..."

Response — 201 Created

{
  "requestId": "ER-2026-00042",
  "dataPrincipalId": "user_abc123",
  "status": "completed",
  "recordsErased": 3,
  "grantsRevoked": 2,
  "submittedAt": "2026-04-05T14:00:00.000Z",
  "expectedCompletionBy": "2026-04-12T14:00:00.000Z"
}

Response Fields

FieldTypeDescription
requestIdstringErasure request reference number (format: ER-YYYY-NNNNN)
dataPrincipalIdstringThe data principal whose data was erased
statusstringRequest status: completed
recordsErasednumberNumber of consent records marked as erased
grantsRevokednumberNumber of grants revoked as part of erasure
submittedAtstringISO-8601 timestamp of the erasure request
expectedCompletionBystringISO-8601 timestamp for full completion (7 days from submission)

What Happens on Erasure

  1. All consent records for the data principal are set to status: 'erased'
  2. All associated grants are revoked
  3. Audit entries are annotated with an erasedAt timestamp (anonymized)
  4. A dpdp.erasure.completed event is emitted

Error Responses

StatusCodeDescription
401UNAUTHORIZEDInvalid or missing API key
404NOT_FOUNDNo consent records found for this data principal

SDK Examples

import Grantex from '@grantex/sdk';

const grantex = new Grantex({ apiKey: 'gx_...' });

const result = await grantex.dpdp.requestErasure('user_abc123');
// result.recordsErased → 3
// result.grantsRevoked → 2