Skip to content
Create account or Sign in
The Stripe Docs logo
/
Create accountSign in

Redaction API integration guidePrivate preview

Redact personal data on objects to comply with right to be forgotten requests.

Caution

This feature is in private preview and subject to change.

The Redaction API allows you to redact individual resources to remove user access to personal data such as a customer’s name and address. This also redacts data on related objects such as events and request logs.

For each resource type, programmatically search for a list of IDs associated with the target customer, and call the corresponding /redact API endpoint. The redaction process can take up to 7 days to redact all requested data. When the redaction process is in progress, the entity’s redaction.status field is set to processing. When the process completes, the status changes to redacted.

Redaction is irreversible. You can still access redacted objects using the Stripe API and Stripe Dashboard. The string [redacted] or a similar placeholder replaces fields that contain personal data. The metadata field is also redacted. You can’t update redacted objects or use them for any purpose.

The Redaction API is currently available with invite to users. User feedback and usage actively defines the roadmap for the API.

Find objects to redact

The first step is to list all API objects that include customer data to redact.

If you don’t maintain an internal mapping of all Stripe objects associated with a customer in your internal database, you can use the Stripe API, the Stripe Dashboard, or Sigma to find these objects. The list of object types to redact depends on your integration with Stripe. The most common object types to consider are:

  • Transactional objects that include customer data (charges, PaymentIntents, VerificationSessions)
  • Payment method objects (cards)
  • Objects that represent your customers (customer, cardholders)

Store the IDs of objects to redact and move to step 2.

If you map Stripe objects to your own representation of user accounts in your internal database, we recommend that you use this mapping to quickly find all objects to redact.

Find objects with the Stripe Dashboard

In the Stripe Dashboard follow these steps:

  • Enter the customer’s personal data (name or email) in the search bar
  • Search the results of all objects associated with this name or email address
  • Export the object IDs for each object type with the Export button.

Find objects relating to guest customers

There isn’t an API to retrieve guest customers.

Search for the customer (using an identifier like email or name) in the Stripe Dashboard search box and include the string is:guest, then view all results.

jane@example.com is:guest

Find objects relating to Verification Sessions

There isn’t an API to filter for verification sessions based on customer information.

Search for the customer (using an identifier like email or name) in the Stripe Dashboard search box and include the string is:verification_session, then view all results.

jane@example.com is:verification_session

Find objects with the API

Find objects by customer ID

List each object of a given type associated with a customer ID.

Command Line
cURL
Stripe CLI
Ruby
Python
PHP
Java
Node.js
Go
.NET
No results
curl -G https://api.stripe.com/v1/charges \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -d customer=cus_xxxxxxxxx

Below are the API commands to use for finding objects associated with a customer ID:

Find objects related to cardholders and cards

There are two options for finding and redacting cards and cardholders.

The simplest option is to find and redact the cardholder, which redacts all of the associated cards. Alternatively, you can find all of the card objects associated with the cardholder manually.

List cardholders objects (/v1/issuing/cardholders) for a customer using their personal data (email address or name)

Command Line
cURL
Stripe CLI
Ruby
Python
PHP
Java
Node.js
Go
.NET
No results
curl -G https://api.stripe.com/v1/issuing/cardholders \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  --data-urlencode email="jane@example.com"

List cards (/v1/issuing/cards) belonging to the cardholders from the list above.

Command Line
cURL
Stripe CLI
Ruby
Python
PHP
Java
Node.js
Go
.NET
No results
curl -G https://api.stripe.com/v1/issuing/cards \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -d cardholder=ich_xxxxxxxxx

Find objects relating to Radar value list items

Radar users who have entered customer details into their rules need to find associated value list items.

List the Radar value lists (/v1/radar/value_lists), and filter for those that contain an identifier for the data subject (for example, the customer’s email address).

Command Line
cURL
Stripe CLI
Ruby
Python
PHP
Java
Node.js
Go
.NET
No results
curl -G https://api.stripe.com/v1/radar/value_lists \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  --data-urlencode contains="jane@example.com"

Later redact each of the rsli_... ids in the list_items results.

Redact each object

Build a script to call the /redact endpoint for each object found above.

This asynchronously redacts the object and dependent objects across all product surfaces (Stripe API, Stripe Dashboard, reports). Redaction typically happens within minutes, but can take up to seven days for certain objects (for example, existing CSV reports).

The redaction API is currently in beta and isn’t yet supported by Stripe’s client libraries. Make the HTTP request directly using curl or a similar tool. When making the curl request you must include the beta version as part of the Stripe-Version header.

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/payment_intents/pi_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

The endpoint returns a success (200) or failure (400) response:

{
  "id": "pi_xxxxxxxxx",
  "description": "[redacted]",
  "receipt_email": "[redacted]",
    "redaction": {
      "status": "processing"
    },
...
}

Note

Some objects in transitory states can’t be redacted

  • PaymentIntents in processing states can’t be redacted and return a 400 response (for example, bank debits that have a long success confirm time window). You must wait until the PaymentIntent transitions to succeeded or requires_payment_method to redact it
  • Refunds in a pending state can’t be redacted. You must also wait for the Refund to succeed or fail before you redact the associated transaction object
  • Disputes that are in progress (status is submitted or unsubmitted) can’t be redacted. You must wait for the dispute to complete before redacting the associated object

Warning

Refunds and disputes Redacted transactions can not be refunded with the Refunds API. If your customer requests to redact their data and refund a transaction, first refund the payment and then redact the API object.

Customers can dispute redacted transactions. Due to this, there is a 90 day dispute window before transactions are eligible for redaction. Stripe by default marks disputes on redacted transactions as lost (Dispute is created with status: ‘lost’) and you aren’t able to respond to this dispute. This is because responding to disputes requires to prove with customer data the legitimacy of the order (for example, user communications, web logs, personal address on shipping label).

Redact a charge

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/charges/ch_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact a PaymentIntent

/v1/payment_intents/pi_…/redact

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/payment_intents/pi_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact a SetupIntent

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/setup_intents/si_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact an invoice

/v1/invoices/in_…/redact

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/invoices/in_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact a Checkout Session

/v1/checkout/sessions/ppage_…/redact

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/checkout/sessions/ppage_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact a Radar value list item

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/radar/value_list_items/rsli_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact a VerificationSession

/v1/identity/verification_sessions/vs_…/redact

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/identity/verification_sessions/vs_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

In addition to the API, guest customers have a redact button in the Stripe Dashboard under the three dots when viewing them.

Redact a card

/v1/issuing/cards/ic_…/redact

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/issuing/cards/ic_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact a cardholder

/v1/issuing/cardholders/ich_…/redact

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/issuing/cardholders/ich_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

Redact a guest customer

Command Line
cURL
No results
curl -X POST https://api.stripe.com/v1/guest_customers/gcus_xxxxxxxxx/redact \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -H "Stripe-Version: 2026-01-28.clover; redaction_api_beta=v1;"

In addition to the API, guest customers have a redact button in the Stripe Dashboard under the three dots when viewing them.

Delete each object representing the customer

Delete the Customer.

For this operation to succeed, you must redact all transactional objects associated with the customer.

Redacting Customers with active Subscriptions

Subscription objects don’t store customer PII and therefore can’t be redacted.

When a Customer with an active subscription requests for their data to be redacted, you need to:

  1. Cancel the subscription: Stripe::Subscription.delete('sub_xxxxxxxxx')
  2. Redact each previous Invoice created by the Subscription
  3. Delete the Customer object attached to this Subscription