API Announcements

This would apply to anyone who is receiving and storing customer data through the API.

Are shop name and (xxx.myshopify.com) and email considered personal data?

I have a private app that uses the Admin API to work with my Shopify Storefront and Printful Fulfillment service.  I do not request or store any customer data on my servers at this time.  However, Printful does have customer data that is clearly collected from Shopify.

I assume that Printful is complying with this requirement.  Am I also required to do anything?

Thanks.

Are shop name and (xxx.myshopify.com) and email considered personal data?

No, this is customer data, not that of a Shopify Merchant.

I have a private app that uses the Admin API to work with my Shopify Storefront and Printful Fulfillment service. 

Yes Printful is required to comply, for private apps there is no action on these webhooks.  It's expected that if necessary merchants will relay the required info to be redacted to private app developers as private apps are considered an extension of the shop.

Ryan,

I could use some more clarification based on your last response on the thread.

My company handles data feeds for our clients. We haven't developed any Shopify apps, public or private. We only make use of the Admin API.

Will actions on these webhooks be required from us? Or, is this the Store's responsbility to handle and then relay those requests to us?

Let me know if I can clarify anything.

Thanks

Only public apps will have the ability to register for mandatory redact webhooks.  Any other usage of the data including private apps and integrations (which is sounds like you are) is the responsibility of merchant.

Thanks, Ryan!

Hi Ryan,

I have summarized a few questions below:

1) What will happen if we try to load an order for which the customer requested deletion.
Will order.customer be null? Or will it be non null with a customer id and all other personal fields null?

2) What is the purpose of the 48 hours delay?
 
3) When the customer order information is redacted, will the order/update webhook be triggered with missing customer details (e.g., a null customer_id, no billing/shipping address, email, or phone)?

This would be ideal because it would avoid every app implementing their own data cleaning methods and simply rely on Shopify to remove all personal details

4) Is it possible for a store to request a shop/redact request even through they have not uninstalled the app? That could lead to pretty weird scenarios where the app cannot function.

I do wonder why shop/uninstall is not enough and why we need another webhook like shop/redact...

It might have been easier to add a checkbox when the store uninstalls, which asks whether all data should be redacted. But maybe there is a good reason I don't know about? 

Hi Ryan,

Hope you're doing well! Any update on the implementation details about the "View Data" request? We are pretty close to the release date on August 25th and we need this information as soon as possible.

Thanks, Tony

1) What will happen if we try to load an order for which the customer requested deletion.
Will order.customer be null? Or will it be non null with a customer id and all other personal fields null?

Non-null with PII redacted.

2) What is the purpose of the 48 hours delay?

We have seen that if people uninstall an app by accident, or if they change their mind, they typically reinstall within 24h, so 48 is us taking into account some buffer time.
 

3) When the customer order information is redacted, will the order/update webhook be triggered with missing customer details (e.g., a null customer_id, no billing/shipping address, email, or phone)?

Yes,  webhooks are fired. The data isn't nulled out, it's redacted, anonymized

4) Is it possible for a store to request a shop/redact request even through they have not uninstalled the app? That could lead to pretty weird scenarios where the app cannot function.

There are multiple checks against this, so no, there would not be a redact if the app is not uninstalled.

 

I do wonder why shop/uninstall is not enough and why we need another webhook like shop/redact...

We couldn't add a 48 hour delay on the uninstall webhook.  And fundamentally they are different things, and apps will respond differently.

Any update on the implementation details about the "View Data" request?

I don't have any details on this there will be more shared when we have it.

Cheers,

Ryan

Hi Ryan,

Any update on the implementation details about the "View Data" request?

I don't have any details on this there will be more shared when we have it.

Can you please confirm whether this is actually expected to be implemented by August 25th then?  Something doesn't sound right if Shopify doesn't even have the specs worked out for starters.  Or am I misunderstanding when this is due? 

Thank Ryan, that's pretty much the answers I was hoping for.

We will commence testing shortly.

Actually, there is no way to test at this point right? Payloads are not sending yet...

Actually, there is no way to test at this point right?

I believe only shop/redact is sending at the moment.

I cannot find relevant webhook topic under https://mytestshop.myshopify.com/admin/settings/notifications > Webhooks... what topic should I chose to trigger sample webhooks?

Thanks.

I have implemented the webhooks and i have two questions:

1. There are 3 webhooks but at the App Setup page there are only two fields ( Customer data erasure endpoint  and Shop data erasure endpoint )
2. Why I get `Mandatory WebHook URL is invalid` on every save? It's a valid url and it's working (test it with PostMan)

I have these same exact questions.

I'm also recieving the "Mandatory WebHook URL is invalid" today. I'm not entirely sure why it's happening since the error doesn't say much. I don't think I changed anything in my app since last time it worked, so there's a chance it's on Shopify's end.

I don't have the third webhook because I assumed it got triggered by some scope or the "Read all orders" request. Maybe that's what's causing my failure? Idk but if someone figures it out, please share.

I am also receiving the "Mandatory WebHook URL is invalid" error.

The endpoints are valid, they active, and they are responding via my REST API testing app.

Edit: this appears to be working now

Hi Ryan,

As far as we can tell shop/redact is not being set. 

We set up our webhooks 10 days ago and haven't received a single one.

Do you know the status of this?

We just received our first shop/redact all of a sudden.

However, it was sent at the same time as app/uninstalled and not 48 hours later.

Hi Ryan,

I have implemented the webhooks customers/redact and shop/redact into my test store and requested to remove the customer data from the store and uninstalled the app from the store and waited for 48 hrs and got no request from shopify regarding these webhooks and I have put the screenshot of the same here. Is there any other dependencies that I have to consider? Kindly suggest.

Hello Ryan,

I see that some documentation for the view data requesst (customer/data_request) is already available at https://help.shopify.com/en/api/guides/gdpr-resources#customers-data_request

However, there's no information about how the response to that request should be.

Could you shed some light on the matter? Thanks in advance.

Regards,
   Jose Samper
   Code Black Belt
 

You only need to respond 200 OK to confirm receipt of the webhook.  Then you would take action on it.

Hi Ryan,

thank you very much for your response, that clarifies how to implement it.

However, I still don't know how to declare the URL for that webhook, in the app setup page there are only fields for 'Customer data erasure endpoint' and 'Shop data erasure endpoint' but not for the view data one.

Kind regards,
  Jose

Oh sorry, didn't see you were talnig about data_request. More information will follow on the 25th I believe, where you can add the address and what to do once you receive it.

Hi Ryan, quick question around the endpoints that need to be configured for the GDPR webhooks.

We're using the shopify_app Rails engine internally and rely on the shopify_app initializer to register the webhooks.

Do we need to implement new custom endpoints or are we able to rely on the engine instead?

We haven't received any webhooks in production from our testing, but locally in dev it all works correctly.

Cheers,

Jonny

Does this have anything to do with apps that are not public?  So far all of the apps I have built are for individual customers.

Hi Ryan,

In my app, I added an endpoint for Customer Data Erasure under App Setup -> Mandatory Webhooks, and processed erasure request as per this but I didn't receive any webhooks on my callback endpoint 

Please check the shared screenshot link:https://www.screencast.com/t/VVuukJN5

I have also tried to  configure those webhooks using Post man , but Invalid topic error are showing . Below is the URL path, and json payload I used to customers/redact topic,

Please check the shared screenhot link: https://www.screencast.com/t/WAvhCByhz

Thanks!

Same Problem here,

These webhooks are not available in shopify webhook list thats why we are getting invalid topic error but dont know how we are going to use it and how we are going to get Payloads?

Is shopify going to create these webhooks or something different thing is there?

Please read the linked information in the original post: https://help.shopify.com/en/api/guides/gdpr-resources#mandatory-webhooks

These webhooks help you manage the user data that an app collects. You can manage their subscriptions from your Partner Dashboard, in the App setup tab of your app settings:

Hi Ryan ,

I have received the "customers/data_request" webhook but not receive "customers/redact"

webhook ,how many time it will take after submit the remove customer  request

What is the recommended action upon receiving a customers/data_request request?

Send an email to the shop owner with the data?

Hey,

Joining in on Clement's questions regarding customer/data_request webhooks:

1. In what format does Shopify expect app developers to respond to these webhooks?

2. Should our response be sent back to the merchant's email (even though the customer requested this data)?

As per https://help.shopify.com/en/api/guides/gdpr-resources#mandatory-webhooks

When a customer requests their data from a store owner, Shopify sends a payload on the customers/data_request topic to the apps installed on that store. If your app has been granted access to customers or orders, then you receive a data request webhook with the resource IDs of the data that you need to provide to the store owner. It's your responsibility to provide this data to the store owner directly.

Hey Ryan,

Is there a specific format that this information should be sent in (e.g Excel spreadsheet, JSON, XML etc.)?

Ryan, guidance on format and wording would be great. I'm guessing all apps will need to do something very similar so it may as well be consistent for everyone's sake.

Hey All,

Theres no prescription for exactly how to implement the customers/data_request, but the recommended would be CSV format.  If there are multiple sheets, a .zip of the CSVs would be a good solution as well.

As for how to get it to the merchant, I'm sure we can all agree that e-mail is not a secure method of passing sensitive personal data.  One solution would be to surface a UI or page to download the information that is behind a login, this could be within app in shopify, or on your secure app webpage.

Hope that helps.

Hi Clement ,

Please check the shared screenshot link for  customers/data_request 

https://www.screencast.com/t/lgQAqkvEHJ

https://www.screencast.com/t/6ykBhp6j4

Ok, I was hoping for a bit more guidance but I guess that'll have to do. Thanks.

Hi Ryan,

Do you know when will Shopify send the app customers_redact webhook after the merchant clicking the 'delete customer data' on Shopify merchant console?

Previously the doc says 10 days later but now it is gone. And from my experiment, it is not sent immediately after asking for deleteing customer data. Thanks.

John

Hi Ryan,

Can you clarify the shop/redact part for us please. Because we confuse about the "erase personal data for an entire store" and "erase their customers' personal information".

 This webhook is intended to erase personal data for an entire store. 48 hours after a shop uninstalls your app, we will attempt to send you a shop/redact webhook. This webhook will provide the shop_id and shop_domain so that you can erase their customers’ personal information from your database. Similar to the customer redaction request, you should do so within 30 days.

Does this mean when a merchant uninstalls our app, we'll only need to erase the info of that merchant's customers (if available), or have to erase that merchant's personal information (including his name, store domain, email, address...) as well?

Thanks.

Hi Ryan,

Another question about customers/data_request. What should we do in case we don't have any customer/order data other than data already available in the customer profile/order details? Or we don't keep any order/customer data on our side at all (but still have an access to customers or orders)?

Should we send some confirmation to the store owner that we don't collect any additional data from that customer? Or we may just ignore such request in that case? Please advise.

Thanks,

Den