GDPR mandatory webhooks - Can all the data request/erasure endpoints be the same?

New Member
1 0 0



We're building an app on the Shopify platform and as a part of app submission, we're required to provide mandatory endpoints for GDPR purposes (customer data request, customer data erasure, and shop data erasure). The app that we're building only serves US merchants and also only accesses shop data. I found out from another forum post that even in this case we need to submit all three endpoints as they are mandatory.


My question is : Can all these endpoints be the same? Ex: "" . Since the request is made with specific JSON parameters, we can recognize the data received and act on the specific request appropriately. In each of the three cases (customer data request, customer data erasure, and shop data erasure), that endpoint will return 200s meeting Shopify platform's requirement on Webhooks. 



Shopify Partner
1825 211 381

This is an accepted solution.

Absolutely, you can have the same endpoint serving all three requests. Doing that for more than a year now, so no worries.

Sergiu Svinarciuc | CTO @
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to or our blog
1 Like