Delete a Shopper's Personal Data
To create a data deletion request, you use the startPersonalDataDeletionTask mutation. In the request, you must provide the customer's email address.
You can optionally provide a clientToken to serve as an idempotency key that ensures that multiple identical requests are processed only once within an eight-hour period. This is particularly useful in scenarios where network issues might cause you to need to retry a request. If you don't provide a clientToken, a default clientToken is generated for each request.
The response to the data deletion request contains a taskId, which you can provide to the personalDataDeletionTask query if the customer later asks for an update on their data deletion request before you receive a data deletion event.
When you create a data deletion request, you can specify a holding period to initiate data deletion after a certain number of calendar days. The holding period can range from 0 to 180 calendar days. If you don't provide a holding period, the default value is 10 calendar days. During the holding period, you can Cancel a Data Deletion Request by calling the cancelPersonalDataDeletionTask mutation. At the end of the holding period, expect up to 30 calendar days of processing time before the request takes effect. Processing time begins only after the holding period ends. For example, for a request with the default holding period of 10 calendar days, followed by 30 calendar days of processing time, expect a total of 40 calendar days before the request takes effect.
The data deletion request fails if the customer has any open Buy with Prime orders. If you subscribed to data deletion events, you receive a PERSONAL_DATA_DELETION_TASK_FAILED event. In this case, you must resubmit the startPersonalDataDeletionTask request after all orders for that customer are closed.
Step 1: Subscribe to data deletion events
Follow the Steps to Subscribe to Buy with Prime Events to subscribe to the following events:
Step 2: Create a data deletion request
Create a data deletion request by using the startPersonalDataDeletionTask mutation. In the request, provide the following information:
- Customer's email address: (Required) The email address identifies the customer.
- Holding period: (Optional) When you create a data deletion request, you can specify a holdingPeriod before the data will be deleted. The holding period can range from 0 to 180 calendar days. If you don't specify a holding period, the default value is 10 calendar days. During the holding period, you can cancel the request by using the cancelPersonalDataDeletionTask mutation. At the end of the holding period, expect up to 30 calendar days of processing time before the request takes effect. Processing time begins only after the holding period ends. For example, for a request with the default holding period of 10 calendar days, followed by 30 calendar days of processing time, expect a total of 40 calendar days before the request takes effect.
- Client token: (Optional) The clientToken field of the request serves as an idempotency key that ensures that multiple identical requests are processed only once within an eight-hour period. This is particularly useful in scenarios where network issues might cause you to need to retry a request. If you don't provide a clientToken, a default clientToken is generated for each request.
To avoid fulfillment issues, the data deletion request fails if the customer has any open Buy with Prime orders. In this case, the data isn't deleted and you receive a PERSONAL_DATA_DELETION_TASK_FAILED event. You must resubmit the startPersonalDataDeletionTask request after all orders for that customer are closed.
The following example shows a data deletion request with a holding period of five calendar days before processing of the deletion begins.
Request
# GraphQL mutation
mutation {
  startPersonalDataDeletionTask(input: {
    dataSubject: {
      type: SHOPPER
      email: "[email protected]"
    }
    holdingPeriod: 5
    clientToken: "example-client-token"
  }) {
    taskId
  }
}
Response
{
  "data": {
    "startPersonalDataDeletionTask": {
      "taskId": "example-task-id"
    }
  }
}
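An added example (not code from the Buy with Prime documentation) that builds the input object for the mutation above, enforces the 0 to 180 day holding period, and derives a repeatable clientToken so that retries of one request share one idempotency key. The helper names, the HMAC-derived token format, the attempt counter and the secret are assumptions; the page does not state what length or characters a clientToken may have.

```python
import hashlib
import hmac
from datetime import date, timedelta

MAX_HOLDING_DAYS = 180     # page: holding period ranges from 0 to 180 calendar days
DEFAULT_HOLDING_DAYS = 10  # page: default when holdingPeriod is omitted
PROCESSING_DAYS = 30       # page: up to 30 calendar days after the holding period


def client_token(secret: bytes, email: str, holding_period: int, attempt: int = 1) -> str:
    """Derive a stable idempotency key for one logical deletion request.

    A keyed HMAC keeps the token from being a guessable hash of the email.
    Retries of the same attempt get the same token; a resubmission after a
    FAILED event passes attempt + 1 so it is not treated as a duplicate.
    """
    msg = f"{email.strip().lower()}|{holding_period}|{attempt}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_deletion_input(secret, email, holding_period=DEFAULT_HOLDING_DAYS, attempt=1):
    """Return the `input` object for startPersonalDataDeletionTask."""
    if isinstance(holding_period, bool) or not isinstance(holding_period, int):
        raise ValueError("holdingPeriod must be an integer number of days")
    if not 0 <= holding_period <= MAX_HOLDING_DAYS:
        raise ValueError("holdingPeriod must be between 0 and 180")
    if "@" not in email.strip():
        raise ValueError("email address is required")
    return {
        "dataSubject": {"type": "SHOPPER", "email": email.strip()},
        "holdingPeriod": holding_period,
        "clientToken": client_token(secret, email, holding_period, attempt),
    }


def deletion_window(requested_on: date, holding_period: int = DEFAULT_HOLDING_DAYS):
    """Return (end of holding period, latest date the deletion takes effect)."""
    holding_ends = requested_on + timedelta(days=holding_period)
    return holding_ends, holding_ends + timedelta(days=PROCESSING_DAYS)
```

Pass the returned dictionary as the mutation's input, and store the taskId from the response together with the attempt number so that a later event or customer enquiry can be matched to it.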
Step 3: Receive a data deletion event
When you receive an event of type PERSONAL_DATA_DELETION_TASK_COMPLETED or PERSONAL_DATA_DELETION_TASK_FAILED, parse the resources array of the event to get the task ID. For details about how to interpret the resources array of an event, see Subscribe to Events.
For example, in the following event, the task ID is example-data-deletion-task-id.
{
  "version": "0",
  "id": "example-event-id",
  "detail-type": "PERSONAL_DATA_DELETION_TASK_COMPLETED",
  "source": "aws.partner/buywithprime/partner-event-source-name",
  "account": "example-aws-account-id",
  "time": "2023-10-27T12:34:56Z",
  "region": "us-east-1",
  "resources": [
    "businessProduct/business-product-id/personalDataDeletionTask/example-data-deletion-task-id"
  ],
  "detail": {}
}
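An added example (not code from the Buy with Prime documentation) of an event handler that extracts the task ID from the resources array and rejects events it should not act on. The function name, the source-prefix check, the rule of exactly one matching resource and the cross-check against task IDs you stored from earlier responses are assumptions based on the sample event above.

```python
import json
import re

DELETION_EVENTS = {
    "PERSONAL_DATA_DELETION_TASK_COMPLETED": "completed",
    "PERSONAL_DATA_DELETION_TASK_FAILED": "failed",
}
# Shape taken from the page's sample event:
# businessProduct/<business-product-id>/personalDataDeletionTask/<task-id>
RESOURCE_RE = re.compile(r"businessProduct/([^/\s]+)/personalDataDeletionTask/([^/\s]+)")
SOURCE_PREFIX = "aws.partner/buywithprime/"  # assumed from the sample event


def parse_deletion_event(raw, known_task_ids):
    """Return (outcome, task_id) for a data deletion event, or raise ValueError."""
    event = json.loads(raw) if isinstance(raw, (str, bytes)) else raw
    outcome = DELETION_EVENTS.get(event.get("detail-type"))
    if outcome is None:
        raise ValueError("not a data deletion event")
    if not str(event.get("source", "")).startswith(SOURCE_PREFIX):
        raise ValueError("unexpected event source")
    # Ignore resources of other kinds; keep only deletion-task entries.
    matches = [m for r in event.get("resources", [])
               if isinstance(r, str) and (m := RESOURCE_RE.fullmatch(r))]
    if len(matches) != 1:
        raise ValueError("expected exactly one personalDataDeletionTask resource")
    task_id = matches[0].group(2)
    # Act only on tasks this integration created (taskId values stored earlier).
    if task_id not in known_task_ids:
        raise ValueError("task ID was not issued to this integration")
    return outcome, task_id


# Constructed sample, modelled on the page's event.
SAMPLE_EVENT = json.dumps({
    "version": "0",
    "id": "example-event-id",
    "detail-type": "PERSONAL_DATA_DELETION_TASK_COMPLETED",
    "source": "aws.partner/buywithprime/partner-event-source-name",
    "resources": [
        "businessProduct/business-product-id/personalDataDeletionTask/example-data-deletion-task-id"
    ],
    "detail": {},
})
```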
Step 4: Query the data deletion task
Call the personalDataDeletionTask query, providing the task ID that you found in the resources array of the event in the previous step.
The way you handle the response depends on whether the data deletion request succeeded (the event was PERSONAL_DATA_DELETION_TASK_COMPLETED) or failed (the event was PERSONAL_DATA_DELETION_TASK_FAILED):
- If the data deletion request succeeded, you might choose to notify the customer of the successful deletion of their data.
- If the data deletion request failed, the response to the personalDataDeletionTask query includes an errors array where you can find information about why the request failed.