Data Regulation API
Detailed technical documentation on the RudderStack Data Regulation API for suppressing and deleting user data.
Last updated
Was this helpful?
Detailed technical documentation on the RudderStack Data Regulation API for suppressing and deleting user data.
Last updated
Was this helpful?
RudderStack's Data Regulation API lets you specify regulations to suspend data collection and delete data for a particular user.
This guide covers the data regulation feature in detail and details the Data Regulation API endpoints.
The Data Regulation API is applicable only for the destinations configured to sent events using the RudderStack cloud mode.
RudderStack respects the users' data privacy choices.
You can leverage RudderStack's data regulation feature to suppress any incoming data for a given user. RudderStack will drop the events for that user at the source - these events will not be shown in any debugger or forwarded to any destinations.
You can also use this feature to direct RudderStack to suppress any incoming events for a user and delete any collected data for a given destination.
Once a user is suppressed, it is not possible to replay their events.
You need to generate a personal access token to authenticate the Data Regulation API and use it successfully.
The Data Regulation API uses the Bearer Token Authentication for authenticating all the requests.
The Personal Access Token should be used as the bearer token for authentication.
This request lets you add a new data regulation to suppress/suppress and delete a given user's data.
Request type: POST
Request format:
Request body:
Request type: POST
Request format:
Request body:
RudderStack supports the suppress_with_delete
request for the following destinations:
regulationType
This field lets you define the data regulation type. It supports the following values:
suppress
Directs RudderStack to suppress the incoming user data.
suppress_with_delete
Directs RudderStack to suppress any incoming user data and delete any events from the user-specified destinations.
destinationIds
and sourceIds
You can set these optional fields to specify the sources or destinations from which the data should be suppressed or deleted.
Specify only sourceIds
when setting the regulationType
to suppress
. If no sourceIds
are specified, RudderStack will suppress data from all the sources present in the workspace associated with the access token.
Specify only destinationIds
when setting the regulationType
to suppress_with_delete
. If no destinationIds
are specified, RudderStack will delete the data for all the destinations present in the workspace.
Use the https://api.rudderstack.com/v2/sources
endpoint to get the source IDs.
Use the https://api.rudderstack.com/v2/destinations
endpoint to get the destination IDs.
Do not specify both sourceIds
and destinationIds
in your request body.
users
The API lets you specify the users for whom you want to set the data regulation. These users can be identified either by their userId
, phone
, or email
.
Only userId
is a mandatory field. The other fields are optional as some destinations require phone number or email to associate a given user and do not strictly identify a user by their user ID.
We recommend that you provide the user's phone
and email
at your own discretion and only if it is required.
Sample suppression request
Sample suppression with delete request
Expected response
This request lists all your data regulations.
Request type: GET
Request format:
Parameters:
after_cursor
String
Fetches the regulations after this position. This cursor position is obtained from the paging
object from the previous request. Refer to the sample response below for more information.
Sample request
Expected response
This request cancels an existing data regulation.
Request type: DELETE
Request format:
Parameters:
regulation_id
String
Refers to the ID of the data regulation to be cancelled.
Sample request:
For queries on any of the sections covered in this guide, you can contact us or start a conversation in our Slack community.