---
title: "Using the data erasure API"
date: "2024-02-14T06:18:38+00:00"
summary: "Learn how to use the data erasure API for GDPR compliance in Acquia CDP. Follow step-by-step instructions to authenticate, make API calls, and purge customer records securely and efficiently."
image:
type: "page"
url: "/customer-data-platform/using-data-erasure-api"
id: "85248a20-e15b-44e4-bd18-67ea08b4723f"
---

To purge GDPR records, Acquia recommends using the data erasure feature in the CDP user interface.

Prerequisites
-------------

Before you implement the API, review the data that you want to send to CDP, and compare it to what other systems send to CDP. All data sources can send data about any entity to CDP, without any notion of priority. For more information, see Customer Data Platform (CDP) entities. Therefore, the data sent in your API overwrites the previous data for the related entity if that entity existed prior to your API call. Also, the data sent in your API can later be overwritten by any other system in the same way.

To reiterate, the platform is flexible in what data can be accepted. Therefore, you must send data from sources that you trust, and ensure that you do not send overlapping data from other sources.

To make API calls to the CDP platform:

1.  Obtain the bearer token through the authentication API.
    
2.  Call the data erasure API using the bearer token as authorization. The following is the API call using cURL:
    
        <api-host> : <api6, api6.eu>
        <bearer token>: 9c64fffb-d610-47a9-9df5-a12d9e76c125
        <customer-IdN>: 2022-10-18 00:00:00 UTC
        curl 'https://<api-host>.agilone.com/v2/<tenantid>/dw/dataerasure' \
        -H 'Accept: application/json, text/plain, /' \
        -H 'Accept-Language: en-US,en;q=0.9' \
        -H 'Authorization: Bearer <bearer token>' \
        -H 'Cache-Control: no-cache' \
        -H 'Connection: keep-alive' \
        -H 'Content-Type: application/json' \
        -H 'Origin: https://<api-host>.agilone.com' \
        -H 'Pragma: no-cache' \
        -H 'Referrer: https://<api-host>.agilone.com/' \
        -H 'Sec-Fetch-Dest: empty' \
        -H 'Sec-Fetch-Mode: cors' \
        -H 'Sec-Fetch-Site: same-site' \
        --data-raw '{"customerIds":["<customerId-1>","<customerId-2>"],"requestedDate":"2022-10-18 00:00:00 UTC","reason":"CCPA","requestOrigin":"Data Erasure","tenantId":193}' \
        --compressed
    

### Authentication API endpoint

    https://<tokenManagementSubdomain>.agilone.com/token?action=create&
    scheme=a1user

The following is the response of the authentication API endpoint:

    {
     "access_token": "<access_token>",
     "token_type": "bearer",
     "expires_in": <time>,
     "user": {
       "tenantId": <tenantId>,
       "username": "<username>",
       "userType": "CLIENT",
       "passwordExpiryDate": "<passwordExpiryDate>"
      }
    }

You need to get the access\_token and use it in the subsequent API calls with the authorization header. For more information, see [Authorization Header](#auth-header-data-erasure).

### List of Authentication APIs

   

Locale

Cloud

Cluster

Example

US

AWS

CS

`https://cs-auth.agilone.com/token`

US

AWS

Prod

`https://auth.agilone.com/token`

EU

AWS

CS

`https://cs-auth.eu.agilone.com/token`

EU

AWS

Prod

`https://auth.eu.agilone.com/token`

US

GCP

CS

`https://cs-gcp-auth.agilone.com/token`

US

GCP

Prod

`https://auth8.agilone.com/token`

Endpoint and payloads
---------------------

### Base API endpoint

    https://<environmentSubdomain>.agilone.com/v2/{tenantId}/dw/dataerasure

For example,

    https://api6.agilone.com/v2/1234/dw/dataerasure

In the preceding API endpoint, subdomains differ per environment:

  

Environment

Pre-Production

Production

US AWS

cs-api6

api6

EU AWS

cs-api6.eu

api6.eu

US GCP

cs-gcp-api6

api8

### API query parameter

You can use the following optional query parameter with the API:

*   **failOnNotFound**: Set this parameter to **true** to fail the API request if the customer Id is not found. The default value is **false**. With this parameter, the API endpoint becomes:
    
        https://<environmentSubdomain>.agilone.com/v2/{tenantId}/dw/dataerasure?failOnNotFound=<true or false>
    

### Method

POST

### Request parameters

To send data to CDP through the data erasure request API, you must set the HTTPS header: `content-type` to `application/json`.

You can send the following request parameters in the payload:

   

Parameter

Required?

Data Type

Description

reason

Yes

String

The reason for making the data erasure request. This is a free text field and you can specify a value based on the following:

*   `GDPR`: Erasure request is made by the data subject.
    
*   `GDPR`: Data is no longer relevant to the business.
    
*   `CCPA`: Erasure request is made by the consumer.
    
*   `Other`: Any reason other than the ones listed earlier.
    

customerIds

Yes

String

The list of known customer IDs. If you do not include all the customer IDs associated with the customer, data is partially erased.

requestOrigin

Yes

String

The consumer app, such as API that initiates the request. This parameter does not have a default value. However, ensure that you specify a well-defined value to accurately indicate the source system.

requestedDate

Yes

String

The date when the request was made. This can be derived from the application server time. This date can be a current or past date but not a future date. The format of this value is `yyyy-MM-dd HH:mm:ss z` and a sample value is `2022-02-03 00:00:00 UTC`.

requestedBy

No

String

The user who requested the data erasure.

### Authorization header

You must set the authentication header value to `Bearer <access_token>`.

### Sample request body

    {
      "reason": "<DataErasureReason>",
      "customerIds": [
        "<customerId1>",
        "<customerId2>",
        "<customerIdN>"
      ],
      "requestOrigin": "<requestOrigin>",
      "requestedDate": "yyyy-MM-dd HH:mm:ss z",
      “requestedBy” : “<FreeText-ActualRequester>”
    }

For response parameters, see [Payload and response code](/customer-data-platform/data-erasure-requests/data-erasure-through-api/payload-response-code).