Adyen Data Protection API

Name: Adyen Data Protection API API
Brand: Adyen Data Protection API
Availability: InStock

✓ Official Vendor SpecSecurityComplianceapiKey, basic1 EndpointsREST

For Agents

Submit GDPR right-to-erasure requests to Adyen for a specific shopper, removing payment and personal data tied to past transactions and returning an audit reference.

Quickstart

Get started with Adyen Data Protection API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"submit a GDPR subject erasure request to Adyen"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Adyen Data Protection API API.

Submit a GDPR Subject Erasure Request against a specific shopper or PSP reference

Receive an Adyen-generated request reference for audit logging and downstream tracking

Trigger erasure across linked payment, address, and shopper email records held by Adyen

Authenticate erasure submissions with X-API-Key or basic auth web service user credentials

GET STARTED

Start building with Adyen Data Protection API API

Explore with Jentic

View OpenAPI Spec

Use Cases

Patterns agents use Adyen Data Protection API API for, with concrete tasks.

★ GDPR Right-to-Erasure Workflow

Honour Article 17 right-to-be-forgotten requests by forwarding shopper data deletions to Adyen as part of a wider data erasure pipeline. The single /requestSubjectErasure operation accepts a merchantAccount, shopperReference, and optional pspReference list, and returns the request status with an Adyen-side reference. The merchant remains responsible for orchestrating erasures across other systems (CRM, email, analytics) but the API removes the Adyen footprint.

POST /requestSubjectErasure with merchantAccount TestMerchant and shopperReference cust_8421, then log the returned response code and reference in the privacy ledger

Customer Account Closure Pipeline

Tie Adyen data erasure into the workflow that runs when a customer permanently closes their account on a merchant platform. Once outstanding obligations and refunds are settled, the closure pipeline calls /requestSubjectErasure to remove saved card tokens, billing addresses, and shopper email data from Adyen. The returned reference is stored as evidence of compliance for the retention period required by the merchant's privacy policy.

After confirming the customer has no open balances, POST /requestSubjectErasure for shopperReference cust_3092 and store the response in the privacy_audit table for at least seven years

AI Agent Privacy Compliance

AI agents that handle inbound privacy requests can submit Adyen erasures through Jentic without holding raw API credentials. The agent searches for 'submit a GDPR erasure request' via Jentic, receives the /requestSubjectErasure schema with required merchantAccount and shopperReference fields, executes the call, and returns the resulting reference to the privacy team for audit. Credentials remain isolated in the Jentic vault throughout.

Search Jentic for 'submit Adyen subject erasure request', load the schema, then POST /requestSubjectErasure with the merchantAccount and shopperReference resolved from the privacy ticket

Key Endpoints

1 endpoints — submit gdpr subject erasure requests against shopper data held by adyen, including payment details, delivery addresses, and shopper email addresses tied to past transactions.

METHOD

PATH

DESCRIPTION

POST

/requestSubjectErasure

Submit a Subject Erasure Request against a shopper or PSP reference

POST

/requestSubjectErasure

Submit a Subject Erasure Request against a shopper or PSP reference

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Adyen X-API-Key credentials are stored encrypted in the Jentic MAXsystem vault. Agents submit erasure requests through scoped tokens, so the raw API key never enters the agent's context, prompts, or logs.

Intent-based discovery

Agents search by intent ('submit a GDPR erasure request', 'delete shopper payment data') and Jentic returns the matching /requestSubjectErasure operation with its request schema and field validation.

Time to first call

Direct integration: 1-2 days for auth, schema mapping, and audit logging. Through Jentic: under 30 minutes — search, load schema, execute, persist the response reference.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Adyen Checkout API

The source of the shopper payment data that the Data Protection API later erases

Use Checkout to process payments and Data Protection to erase the resulting shopper records when a privacy request lands

Complementary

Adyen Management API

Manages the merchant accounts, users, and webhook subscriptions used by the wider platform

Use the Management API to configure merchant accounts and the Data Protection API to erase shopper data tied to those accounts

Alternative

Stripe API

Stripe handles GDPR erasure through its dashboard and Forget Customer mutation rather than a dedicated REST endpoint

Choose Stripe if your processor is already Stripe; Adyen Data Protection only applies to data Adyen holds

FAQs

Specific to using Adyen Data Protection API API through Jentic.

What authentication does the Adyen Data Protection API use?

The Data Protection API accepts an API key in the X-API-Key header or HTTP Basic authentication with web service user credentials. Generate the key from your Adyen Customer Area. Through Jentic, the X-API-Key value is held encrypted in the MAXsystem vault and agents authenticate with scoped tokens, so the raw key stays out of agent context.

Can I delete only specific transactions for a shopper?

Yes. POST /requestSubjectErasure accepts a pspReference list alongside the shopperReference, so you can scope the erasure to specific PSP references rather than every record tied to that shopper. Omitting pspReference triggers a broader erasure of records linked to the shopperReference.

What are the rate limits for the Data Protection API?

Rate limits are tied to your Adyen contract and are typically low because erasure is a low-volume operation. Excess requests return HTTP 429. For bulk migrations or large account closures, batch the work over time and contact your Adyen account manager if you need a temporary increase.

How do I submit an erasure request through Jentic?

Search Jentic for 'submit Adyen subject erasure request' to find the POST /requestSubjectErasure operation. Required fields are merchantAccount and shopperReference, with optional pspReference list and forceErasure flag. Jentic loads the schema and executes with vaulted credentials. Sign up at https://app.jentic.com/sign-up to get started.

Does an erasure request remove data from my own systems too?

No. The Data Protection API only triggers erasure of records held inside Adyen — payment details, shopper addresses, and emails tied to transactions. You remain responsible for erasing data in your CRM, analytics platform, email tooling, and any other downstream system that holds personal data.