Suppress and delete user data in accordance with your user suppression policies.
Available Plans
enterprise
7 minute read
With RudderStack’s user suppression APIs, you can create regulations to suspend data collection and delete data for specific users. You can apply these regulations across multiple destination integrations simultaneously, simplifying the process of implementing compliance requests.
With these APIs, you can:
Add a suppression regulation: Drop the user events at the source. These events will not be available for debugging, replay, or forwarded to destinations.
The User Suppression API is a part of RudderStack’s Data Governance toolkit that ensures the quality and integrity of your data in a secure and compliant manner.
Authorization
The User Suppression API uses Bearer Authentication in the format Authorization: Bearer <PERSONAL_ACCESS_TOKEN>.
Use the base URL for your API requests depending on your region:
https://api.rudderstack.com
https://api.eu.rudderstack.com
Specifying source and destination IDs in your regulation
When creating user suppressions with our API, you may wish to name specific sources for a suppress regulation, and specific destinations for a suppress and delete regulation. To do so, you must first obtain the source and/or destination IDs.
Retrieving source and destination IDs
Retrieve source and destination IDs from your RudderStack dashboard or by using the /v2/sources and /v2/destinations endpoints:
For the above destinations, you can delete a user by specifying the userId in the event.
Except for Redis and S3 destinations, you can also specify a custom identifier (optional) in the event along with the userId.
Request body
regulationType
required
string
Defines the user suppression type. Can be one of suppress, which suppresses incoming user data or suppress_with_delete which suppresses and deletes events from your specified destinations.
Possible Values: suppress, suppress_with_delete
sourceIds
optional
array
Specify only sourceIds with the suppress regulation. If no sourceIds are specified, RudderStack will suppress data from all sources in the workspace associated with your access token.
destinationIds
optional
array
Specify only destinationIds with the suppress_with_delete regulation. Otherwise, RudderStack throws an error.
users
required
array
An array of user objects identifying users to be suppressed. The userId field is mandatory for all users. You can pass additional custom identifiers such as email in the users object.
Do not specify both sourceIds and destinationIds in your request body.
A successful response returns a 204 No Content status.
Rate Limits
Post regulation requests are rate limited.
Type
Limit (tokens per hour)
Suppression
4,000
Deletion
200,000
In the case of suppression, 1 user is equivalent to 1 token. For deletion, RudderStack calculates the number of tokens by multiplying the number of users with the number of destinations. For example, if there are n users with m destinations, the total number of tokens would be n * m.
Suppression across multiple sources
You can leverage the User Suppression API to suppress all incoming data for a given user. RudderStack drops the events for that user at the source of collection. Suppression applies across all sources, however you can also specify the specific sources you want to suppress.
When a user requests that their data be deleted, you can leverage the User Suppression API to delete user data across multiple downstream destinations like Amplitude, Braze, Redis, and others.
We are continually adding to the list of destinations supported for deletion. If you need a destination that is not yet supported, reach out to our team.
The User Suppression API can delete data only for destinations running in cloud mode.
FAQ
How is the User Suppression API helpful?
To comply with data regulation statutes and users’ privacy choices, you can use RudderStack’s User Suppression API to:
Suppress incoming source data for a user or list of users.
Delete collected data for users that reside in a given destination or across multiple destinations.
For example, if a user updates their preferences to opt-out of being tracked, you can implement a regulation in the User Suppression API that stops RudderStack from collecting their data at the source, and ensuring no data is sent to downstream destinations. Also, if the user requests to be forgotten, you can delete their data from multiple downstream destinations like Amplitude and Braze with one API call.
This site uses cookies to improve your experience while you navigate through the website. Out of
these
cookies, the cookies that are categorized as necessary are stored on your browser as they are as
essential
for the working of basic functionalities of the website. We also use third-party cookies that
help
us
analyze and understand how you use this website. These cookies will be stored in your browser
only
with
your
consent. You also have the option to opt-out of these cookies. But opting out of some of these
cookies
may
have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This
category only includes cookies that ensures basic functionalities and security
features of the website. These cookies do not store any personal information.
This site uses cookies to improve your experience. If you want to
learn more about cookies and why we use them, visit our cookie
policy. We'll assume you're ok with this, but you can opt-out if you wish Cookie Settings.