BizKitHub
DocsInteractive API Docs/api/v1/customer/export-gdpr
get

/api/v1/customer/export-gdpr

Returns an application/zip archive with every personal data point the organisation holds about the customer identified by identityId — profile, addresses, company record, additional e-mails, consent audit trail, orders, invoices, subscriptions, comments, and the system activity log. Companion README.md and index.html are rendered in the customer’s preferred language. Internal identifiers, hashes and other non-personal data are deliberately omitted.

How to call this endpoint safely

The apiKey is an organisation-wide secret — exposing it in the browser would let anyone export anyone’s data. Treat this endpoint as server-to-server only:

  1. The customer authenticates against your application (e.g. via /customer/login or /customer/magic-auth) and you obtain their short-lived identityId.
  2. When the customer requests their data export, your backend (never the browser) calls this endpoint with the secret apiKey and the customer’s identityId.
  3. The endpoint verifies that the identity belongs to a customer in the same organisation as the API key — a mismatch is logged as a critical security event and the request is rejected.
  4. Your backend then proxies the binary response to the end user, typically by streaming the body straight back with the same Content-Disposition header, or by storing it briefly and serving a one-time download URL.

This indirection keeps the API key on your server and lets you layer your own checks (rate limits, audit logging, a second-factor confirmation, etc.) before honouring the request — the endpoint itself enforces only the organisation/identity binding.

Endpoint Info
Base URLapi.bizkithub.com
AuthBearer Token
Methods1
Authentication Required

This endpoint requires a valid API key passed as a query parameter or Bearer token.

Get your API key

Parameters

2 query parameters

apiKeystringrequired

Your BizKitHub API key (passed as GET parameter).

Key format: A 32-character string matching: ^(PROD|DEV_|ROOT)[A-Za-z0-9]{28}$
Prefixes: PROD (production key), DEV_ (individual developer), ROOT (system key with no limits). Learn more

identityIdstringrequired

Logged user identity (from your frontend cookies). Learn more

Example Request

JavaScript fetch

const response = await fetch("https://api.bizkithub.com/api/v1/customer/export-gdpr?apiKey=PRODPGrFxpGEtrOZfuWhnoJohUYBXuOE&identityId=Z9CPkS2o3UV163VQn5OUv0T8BQi8Fvdg", {
  method: "GET",
  headers: {
    "Content-Type": "application/json"
  }
});

const data = await response.json();
console.log(data);
get

Example Response

200Success
{
  "success": true
}

cURL

Command line example

curl -X GET "https://api.bizkithub.com/api/v1/customer/export-gdpr?apiKey=PRODPGrFxpGEtrOZfuWhnoJohUYBXuOE&identityId=Z9CPkS2o3UV163VQn5OUv0T8BQi8Fvdg" \
  -H "Content-Type: application/json"

Need an API key?

All BizKitHub API endpoints require authentication via API key.

Get API Key
Back to API DocumentationAPI Reference