GDPR Webhook Method Types not defined on the documentation

Greenlyst · ‎11-15-2019

I am implementing the GDPR requirements based on the documentation here https://help.shopify.com/en/api/guides/gdpr-resources. What I am confused is what is the HTTP Method type for each of the calls? Will they be GET requests or POST requests?

Abishek R Srikaanth | Co-Founder @ greenlyst.app
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!

Visely-Team · ‎12-13-2019

As I said, GDPR calls are webhooks and work the same way all webhooks work - https://help.shopify.com/en/api/reference/events/webhook and are using POSTs. In the POST body you get the context of the request, like customer id, email, order ids you should use to collect/delete data. In case of "customers/data_request" you'll need to send all the information back to the merchant through email so he can forward it to the customer that requested data. Though, from our experience, most of the merchants have no idea what to do with it 🙂

Fullfilment Service on the other hand is not a webhook in the Shopify nomenclature as it polls data from you and not pushes data towards you.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

View solution in original post

Visely-Team · ‎11-16-2019

They work by the same principles as the regular webhooks work. So yes, they are using POSTs.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

Greenlyst · ‎12-11-2019

The fulfillment service does a GET request for "/fetch_tracking_numbers". So I wasn't quite sure what type of call the GDPR does. For example the method "customers/data_request" felt like a GET request than a POST request. Let me know if my assumption is correct. I feel that this should be documented correctly here https://help.shopify.com/en/api/guides/gdpr-resources

Abishek R Srikaanth | Co-Founder @ greenlyst.app
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!

Visely-Team · ‎12-13-2019

As I said, GDPR calls are webhooks and work the same way all webhooks work - https://help.shopify.com/en/api/reference/events/webhook and are using POSTs. In the POST body you get the context of the request, like customer id, email, order ids you should use to collect/delete data. In case of "customers/data_request" you'll need to send all the information back to the merchant through email so he can forward it to the customer that requested data. Though, from our experience, most of the merchants have no idea what to do with it 🙂

Fullfilment Service on the other hand is not a webhook in the Shopify nomenclature as it polls data from you and not pushes data towards you.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

Greenlyst · ‎12-13-2019

Thank you. Appreciate it clarifying this in detail.

Abishek R Srikaanth | Co-Founder @ greenlyst.app
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!

GDPR Webhook Method Types not defined on the documentation

Shopify Community

Support

Shopify

Quick Links