Appearance
Online Data
Online Data submits removal requests to data brokers on the user's behalf. Every call is app-authenticated — obtain an app token via SSO first. The account's plan must include the Online Data product.
Flow overview
All calls send Authorization: Bearer {app_token}.
1. Create or update the removal profile
http
POST /api/v1/delete-my-data
Authorization: Bearer {app_token}
Content-Type: application/json
{
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@example.com",
"phone": "+46701234567",
"street": "Testgatan 1",
"zip": "11122",
"city": "Stockholm"
}Read or update the profile:
http
GET /api/v1/delete-my-data
PUT /api/v1/delete-my-dataRequired fields follow the integration spec for your API version — only omit a field when the schema marks it optional.
2. Status and sites
http
GET /api/v1/delete-my-data/status
GET /api/v1/delete-my-data/sites3. Scan the brokers
http
POST /api/v1/delete-my-data/scan
GET /api/v1/delete-my-data/scan/statusRetry a single failed site:
http
POST /api/v1/delete-my-data/scan/{siteId}/retrySite statuses
GET /api/v1/delete-my-data/scan/status returns one entry per site under sites[]. Each site carries two independent status dimensions.
1. Scan status — sites[].scan_result.status, where the scan stands for that site:
| Status | Meaning |
|---|---|
SCAN_NOT_STARTED | No scan has run for this site yet. |
SCAN_INITIATED | A scan is queued or in progress. |
SCAN_FAILED | The scan failed — retry with POST .../scan/{siteId}/retry. |
SCAN_COMPLETED | The scan finished — check is_data_found and comparison. |
When is_data_found is true, scan_result.data is an object of the matched personal data (firstName, lastName, email, ssn, phone, street, zip, city); otherwise it is an empty array ([]).
2. Removal status — sites[].removal_requests[].status, where a deletion request stands once you submit one for that site:
| Status | Meaning |
|---|---|
POA_SENT_TO_SITE | The deletion request / power of attorney was sent to the site. |
USER_MANUAL_INSTRUCTIONS_SENT | The site requires manual user action; see manual_instructions. |
DATA_REMOVED_VERIFIED | The data was confirmed removed from the site. |
DATA_REAPPEARED_DETECTED | Previously removed data was detected again on the site. |
can_send_deletion_request on each site indicates whether a removal request can be submitted for it yet. A site only appears in removal_requests[] once a request exists, so an empty array means none has been raised.
4. Legal signature (user action)
Initiate signing — typically opens a BankID-style flow in your UI:
http
POST /api/v1/delete-my-data/signatures/initiatePoll signing state:
http
GET /api/v1/delete-my-data/signature/status
GET /api/v1/delete-my-data/signature-order5. Submit and track removals
http
POST /api/v1/delete-my-data/removal-requests
GET /api/v1/delete-my-data/removal-requests
GET /api/v1/delete-my-data/eventsTearing down
To remove the profile entirely:
http
DELETE /api/v1/delete-my-dataCRM tokens cannot call Online Data
Online Data is strictly app-scoped. Your backend must hold the user's app token, or run the signing step in a user-facing web view.
Next step
Alarms — monitor identity events alongside Online Data.