Can anyone please explain how to implement webhook customers/data_request? In customers-data_request documentation its mentioned that
It's your responsibility to provide this data to the store owner directly.
When I clicked REQUEST CUSTOMER DATA from dashboard customer section, I got an email to store owner's email with information like customer, order etc with downloadable csv file links.
So while processing this webhook request what should I do?
Do you have a public app that is storing any of the PII information in your database/your servers? If no, there is nothing to be done. If yes, then you most probably already subscribed to some webhooks from this list - https://help.shopify.com/en/api/reference/events/webhook. GDPR web hooks are no different.
Once you receive the 'customers/data_request' message you have to send the store owner the information for the requested user and you can either automate this, or do it manually through email.
@Visely-Team Yes, I'm storing customer and order details. When I clicked on REQUEST CUSTOMER DATA, I already got an email in the store owner email. So do I need to send the details again?
The data you see being sent are Personal Identifiable Information (PII) related to the customer that Shopify stores on its side. Each third party app must send their own records on the customer to the store owner.
Couldn't you describe in what way should I return the requested data?
From this article: https://shopify.dev/concepts/trust-and-security/gdpr#customers-redact
`It's your responsibility to provide this data to the store owner directly`
Is it mean I should send an email to the store owner with a prepared response or just return the data in the webhook?
@vadymds you should provide the merchant with all the data you have on record for the customer that requested the data. It's the merchant responsibility to pass that information further. You don't have to send anything in response for the webhook.
Would be great if the GDPR webhook docs would just say this. Feels weird to always have to come to the community forums to get clarification. Thanks for the info!
We use Shopify API to fetch customers data in our application. When we receive 'customers/data_request' how can we identify merchant email to be notified?, when by oauth flow
we got only accesstoken no other information.
You are able to identify the merchant email by querying the shop endpoint: https://shopify.dev/api/admin-rest/2022-07/resources/shop
But how do I query the shop in the webhook? I need a session to access that resource, but I don't have a session inside of the webhook. `