What's your biggest current challenge? Have your say in Community Polls along the right column.
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Re: GDPR mandatory webhooks - Can all the data request/erasure endpoints be the same?

Solved

GDPR mandatory webhooks - Can all the data request/erasure endpoints be the same?

Coalition_Dev
Visitor
1 0 0

Hi,

 

We're building an app on the Shopify platform and as a part of app submission, we're required to provide mandatory endpoints for GDPR purposes (customer data request, customer data erasure, and shop data erasure). The app that we're building only serves US merchants and also only accesses shop data. I found out from another forum post that even in this case we need to submit all three endpoints as they are mandatory.

 

My question is : Can all these endpoints be the same? Ex: "https://myappname.com/redact" . Since the request is made with specific JSON parameters, we can recognize the data received and act on the specific request appropriately. In each of the three cases (customer data request, customer data erasure, and shop data erasure), that endpoint will return 200s meeting Shopify platform's requirement on Webhooks. 

 

Thanks!

Accepted Solution (1)

Visely-Team
Shopify Partner
1843 210 488

This is an accepted solution.

Absolutely, you can have the same endpoint serving all three requests. Doing that for more than a year now, so no worries.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

View solution in original post

Reply 1 (1)

Visely-Team
Shopify Partner
1843 210 488

This is an accepted solution.

Absolutely, you can have the same endpoint serving all three requests. Doing that for more than a year now, so no worries.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog