We're making some changes to the new GDPR endpoints recently released into beta for the CRM Contact Object API. We currently have two separate endpoints for handling GDPR deletions for contact records; one that uses the email address and one that uses a contact ID.

We're replacing these endpoints with a single endpoint that will support both ways of identifying a contact record. This new endpoint will be more in line with other endpoints in the CRM API v3.

What's changing?

The new endpoint has the following differences from the current endpoints:

• The new HTTP method will be POST (instead of DELETE)
• The new path will be /v3/objects/contact/gdpr-delete
• The ID of the record will go in the POST body, using the objectId property:
  • When identifying a record by its ID, only the ID needs to be included:
    • {"objectId": "123"}
  • When identifying a record by email, the idProperty property is also required:
    • {"idProperty": "email","objectId": "test@hubspot.com"}

Similar to the current endpoint for email, if an email address is used that doesn't match an existing contact record, the email will be added to a blocklist preventing the email from being used in the future.

With the release of this new endpoint, the two existing GDPR endpoints will be removed, and will no longer function.

When is this happening?

This change will go live on Monday, September 27th. After this, any requests made to the current endpoints will return 404 errors. Please keep in mind that these endpoints are still in beta, may be subject to change, and should not be used in a production environment yet.

Please let us know if you have any questions by replying below.