gdpr api

Guide for gdpr api

Data Export API

Endpoint: GET /api/gdpr/export

Request

Headers: Authorization: Bearer <jwt_token>

Response (200 OK)

{
  "account": {
    "user_id": 123,
    "username": "player_name",
    "email": "player@example.com",
    "created_at": "2024-01-01T00:00:00Z",
    "last_login": "2024-12-01T12:00:00Z"
  },
  "characters": [
    {
      "character_id": 1,
      "name": "Hero",
      "level": 50,
      "created_at": "2024-01-05T00:00:00Z"
    }
  ],
  "inventory": [
    {"item_id": 101, "quantity": 5}
  ],
  "transactions": [
    {
      "transaction_id": "tx_001",
      "amount": 9.99,
      "date": "2024-11-15T10:00:00Z"
    }
  ],
  "login_history": [
    {"timestamp": "2024-12-01T12:00:00Z", "ip_address": "192.168.1.1"}
  ]
}

Account Deletion API

Endpoint: POST /api/gdpr/delete

Request

Headers: Authorization: Bearer <jwt_token>
Body:

{
  "confirmation": "DELETE_MY_ACCOUNT"
}

Response (200 OK)

{
  "message": "Account marked for deletion. All data will be anonymized within 30 days.",
  "deletion_scheduled_at": "2025-01-05T00:00:00Z"
}

Implementation Notes

Mark account as deleted_at timestamp
Anonymize PII: replace username/email with deleted_user_<id>
Retain anonymized data for analytics/auditing (90 days)
Send confirmation email to registered email address

gdpr api

GDPR Compliance

Data Export API

Request

Response (200 OK)

Account Deletion API

Request

Response (200 OK)

Implementation Notes