GDPR / CCPA API ensures all the rights of users are created or updated for GDPR / CCPA compliance. You can erase the personal data of specific users as defined under GDPR using the Erase API.

For more details on GDPR Compliance with MoEngage, refer to GDPR-Implementation.

For more details on CCPA Compliance with MoEngage, refer to CCPA-Implementation.

API Endpoint


Each customer is hosted on a different data center, you can find your data center number (value of X), by checking the data center and API endpoint mapping page here.



The APP_ID for your MoEngage account is available on the MoEngage Dashboard in Settings > App Settings > Account Settings > APP ID.

Request Headers


Erase API uses basic authentication to control access to your data.

Basic authentication sends a Base64-encoded string containing username and password for all API requests.

Username and password are available at Settings > APIs > DATA API Settings.

Do the following when you are using the API for the first-time authentication:

  1. Navigate to Settings > APIs > DATA API Settings.
  2. Click Generate Key
  3. Save the details on the Data APIs settings page. User name - DATA API ID Password - DATA API KEY

For example, basic Authentication encodes a 'username:password' using base64 and prepends it with the string 'Basic '. The string is passed in the authorization header as follows:
{"Authorization":"Basic bmF2ZWVua3VtYXI6bW9lbmdhZ2U="}


Authentication is performed using a client like Postman as follows:


Content-Type Header

The content-Type header is mandatory and is set to 'application/json' as follows:

{"Content-Type": "application/json"}

Request body

APP ID Header

Get the APP ID from the MoEngage dashboard under the path: Settings > App Settings > Account Settings > APP ID and send in the header as follows:


Request body

There is a max limit of 100kb per request.

Request Body Fields

Key Description Mandatory
request_type This is used to request for GDPR details or request to erase the GDPR details Yes
submitted_time This identifies the time when the request was sent Yes
identities This provides the details of the user such as email address, phone number, and so on Yes
api_version This identifies the API version used to send the GDPR request. Yes
id This is the unique identifier of a registered user. No
user_secondary_id This is the secondary identifier of a registered user. No
email This is the user email of an unregistered user. No
mobile This is the user mobile of an unregistered user. No
google_advertising_id This is the android device GAID of an unregistered user. No
advertising_identifier This is the iOS device IDFA of an unregistered user No


The response is a JSON object.

GDPR request success

On a successful call, the response is as follows:

  "status": "success",
  "message": "Your request has been accepted and will be processed soon.",
  "request_id": "a7551968-d5d6-44b2-9831-815ac9017798"


The following example describes the request to erase personal data.



Was this article helpful?
0 out of 0 found this helpful