Skip to main content

Endpoint

POST /v1/dpdp/consent-records/:recordId/withdraw

Authentication

Requires a developer API key in the Authorization header.

Request Headers

HeaderValue
AuthorizationBearer <api_key>
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
recordIdstringYesThe consent record ID to withdraw

Request Body

FieldTypeRequiredDescription
reasonstringYesReason for consent withdrawal
revokeGrantbooleanNoIf true, revokes the underlying Grantex grant
deleteProcessedDatabooleanNoIf true, anonymizes audit entries related to this consent (DPDP Section 6(6), GDPR Article 17)

Example Request

curl -X POST https://grantex-auth-dd4mtrt2gq-uc.a.run.app/v1/dpdp/consent-records/cr_01HXYZ.../withdraw \
  -H "Authorization: Bearer gx_..." \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "No longer wish to share data for analytics",
    "revokeGrant": true,
    "deleteProcessedData": true
  }'

Response — 200 OK

{
  "recordId": "cr_01HXYZ...",
  "status": "withdrawn",
  "withdrawnAt": "2026-04-05T14:00:00.000Z",
  "grantRevoked": true,
  "dataDeleted": true
}

Response Fields

FieldTypeDescription
recordIdstringThe consent record ID
statusstringUpdated status: withdrawn
withdrawnAtstringISO-8601 timestamp of withdrawal
grantRevokedbooleanWhether the underlying grant was revoked
dataDeletedbooleanWhether processed data was anonymized

Error Responses

StatusCodeDescription
400BAD_REQUESTMissing reason field
401UNAUTHORIZEDInvalid or missing API key
404NOT_FOUNDConsent record not found
409ALREADY_WITHDRAWNConsent has already been withdrawn

SDK Examples

import Grantex from '@grantex/sdk';

const grantex = new Grantex({ apiKey: 'gx_...' });

const result = await grantex.dpdp.withdrawConsent('cr_01HXYZ...', {
  reason: 'No longer wish to share data',
  revokeGrant: true,
  deleteProcessedData: true,
});