/api/v1/customer/export-gdpr
Returns an application/zip archive with every personal data point the organisation holds about the customer identified by identityId — profile, addresses, company record, additional e-mails, consent audit trail, orders, invoices, subscriptions, comments, and the system activity log. Companion README.md and index.html are rendered in the customer’s preferred language. Internal identifiers, hashes and other non-personal data are deliberately omitted.
How to call this endpoint safely
The apiKey is an organisation-wide secret — exposing it in the browser would let anyone export anyone’s data. Treat this endpoint as server-to-server only:
- The customer authenticates against your application (e.g. via
/customer/loginor/customer/magic-auth) and you obtain their short-livedidentityId. - When the customer requests their data export, your backend (never the browser) calls this endpoint with the secret
apiKeyand the customer’sidentityId. - The endpoint verifies that the identity belongs to a customer in the same organisation as the API key — a mismatch is logged as a critical security event and the request is rejected.
- Your backend then proxies the binary response to the end user, typically by streaming the body straight back with the same
Content-Dispositionheader, or by storing it briefly and serving a one-time download URL.
This indirection keeps the API key on your server and lets you layer your own checks (rate limits, audit logging, a second-factor confirmation, etc.) before honouring the request — the endpoint itself enforces only the organisation/identity binding.
Parameters
2 query
apiKeystringRequiredYour BizKitHub API key (passed as GET parameter).
Key format: A 32-character string matching: ^(PROD|DEV_|ROOT)[A-Za-z0-9]{28}$
Prefixes: PROD (production key), DEV_ (individual developer), ROOT (system key with no limits). Learn more
identityIdstringRequiredLogged user identity (from your frontend cookies). Learn more
Request
GET /api/v1/customer/export-gdpr
curl -X GET "https://api.bizkithub.com/api/v1/customer/export-gdpr?apiKey=PRODPGrFxpGEtrOZfuWhnoJohUYBXuOE&identityId=Z9CPkS2o3UV163VQn5OUv0T8BQi8Fvdg" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY"Response
JSON payload
{
"success": true
}All response codes
1 status code documented
Need an API key?
All BizKitHub API endpoints require authentication via API key.