# Redaction API integration guide

Redact personal data on objects to comply with right to be forgotten requests.

> This feature is in private preview and subject to change.

The Redaction API allows you to redact individual resources to remove user access to personal data such as a customer’s name and address. This also redacts data on related objects such as events and request logs.

For each resource type, programmatically search for a list of IDs associated with the target customer, and call the corresponding `/redact` API endpoint. The redaction process can take up to 7 days to redact all requested data. When the redaction process is in progress, the entity’s redaction.status field is set to `processing`. When the process completes, the status changes to `redacted`.

Redaction is irreversible. You can still access redacted objects using the Stripe API and Stripe Dashboard. The string `[redacted]` or a similar placeholder replaces fields that contain personal data. The metadata field is also redacted. You can’t update redacted objects or use them for any purpose.

The Redaction API is currently available with invite to users. User feedback and usage actively defines the roadmap for the API.

## Find objects to redact

The first step is to list all API objects that include customer data to redact.

If you don’t maintain an internal mapping of all Stripe objects associated with a customer in your internal database, you can use the Stripe API, the Stripe Dashboard, or Sigma to find these objects. The list of object types to redact depends on your integration with Stripe. The most common object types to consider are:

- Transactional objects that include customer data (charges, PaymentIntents, VerificationSessions)
- Payment method objects (cards)
- Objects that represent your customers (customer, cardholders)

Store the IDs of objects to redact and move to step 2.

If you map Stripe objects to your own representation of user accounts in your internal database, we recommend that you use this mapping to quickly find all objects to redact.

### Find objects with the Stripe Dashboard

In the Stripe Dashboard follow these steps:

- Enter the customer’s personal data (name or email) in the search bar
- Search the results of all objects associated with this name or email address
- Export the object IDs for each object type with the Export button.

#### Find objects relating to guest customers

There isn’t an API to retrieve guest customers.

Search for the customer (using an identifier like email or name) in the Stripe Dashboard search box and include the string `is:guest`, then view all results.

`jane@example.com is:guest`

#### Find objects relating to Verification Sessions

There isn’t an API to filter for verification sessions based on customer information.

Search for the customer (using an identifier like email or name) in the Stripe Dashboard search box and include the string `is:verification_session`, then view all results.

`jane@example.com is:verification_session`

### Find objects with the API

#### Find objects by customer ID

List each object of a given type associated with a customer ID.

```curl
curl -G https://api.stripe.com/v1/charges \
  -u "<<YOUR_SECRET_KEY>>:" \
  -d customer=cus_xxxxxxxxx
```

Below are the API commands to use for finding objects associated with a customer ID:

- [/v1/charges](https://docs.stripe.com/api/charges/list.md)
- [/v1/payment_intents](https://docs.stripe.com/api/payment_intents/list.md)
- [/v1/setup_intents](https://docs.stripe.com/api/setup_intents/list.md)
- [/v1/invoices](https://docs.stripe.com/api/invoices/list.md)
- [/v1/checkout/sessions](https://docs.stripe.com/api/checkout/sessions/list.md)

#### Find objects related to cardholders and cards

There are two options for finding and redacting cards and cardholders.

The simplest option is to find and redact the cardholder, which redacts all of the associated cards. Alternatively, you can find all of the card objects associated with the cardholder manually.

List cardholders objects ([/v1/issuing/cardholders](https://docs.stripe.com/api/issuing/cardholders/list.md)) for a customer using their personal data (email address or name)

```curl
curl -G https://api.stripe.com/v1/issuing/cardholders \
  -u "<<YOUR_SECRET_KEY>>:" \
  --data-urlencode "email=jane@example.com"
```

List cards ([/v1/issuing/cards](https://docs.stripe.com/api/issuing/cards/list.md)) belonging to the cardholders from the list above.

```curl
curl -G https://api.stripe.com/v1/issuing/cards \
  -u "<<YOUR_SECRET_KEY>>:" \
  -d cardholder=ich_xxxxxxxxx
```

#### Find objects relating to *Radar* (Stripe Radar helps detect and block fraud for any type of business using machine learning that trains on data across millions of global companies. It’s built into Stripe and requires no additional setup to get started) value list items

Radar users who have entered customer details into their rules need to find associated value list items.

List the Radar value lists ([/v1/radar/value_lists](https://docs.stripe.com/api/radar/value_lists/list.md)), and filter for those that contain an identifier for the data subject (for example, the customer’s email address).

```curl
curl -G https://api.stripe.com/v1/radar/value_lists \
  -u "<<YOUR_SECRET_KEY>>:" \
  --data-urlencode "contains=jane@example.com"
```

Later redact each of the `rsli_...` ids in the `list_items` results.

## Redact each object

Build a script to call the `/redact` endpoint for each object found above.

This asynchronously redacts the object and dependent objects across all product surfaces (Stripe API, Stripe Dashboard, reports). Redaction typically happens within minutes, but can take up to seven days for certain objects (for example, existing CSV reports).

The redaction API is currently in beta and isn’t yet supported by Stripe’s client libraries. Make the HTTP request directly using curl or a similar tool. When making the curl request you must include the beta version as part of the Stripe-Version header.

```curl
curl -X POST https://api.stripe.com/v1/payment_intents/pi_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

The endpoint returns a success (200) or failure (400) response:

```json
{
  "id": "pi_xxxxxxxxx",
  "description": "[redacted]",
  "receipt_email": "[redacted]",
    "redaction": {
      "status": "processing"
    },
...
}
```

> **Some objects in transitory states can’t be redacted**
> 
> - PaymentIntents in `processing` states can’t be redacted and return a 400 response (for example, bank debits that have a long success *confirm* (Confirming a PaymentIntent indicates that the customer intends to pay with the current or provided payment method. Upon confirmation, the PaymentIntent attempts to initiate a payment) time window). You must wait until the PaymentIntent transitions to `succeeded` or `requires_payment_method` to redact it
- Refunds in a `pending` state can’t be redacted. You must also wait for the Refund to succeed or fail before you redact the associated transaction object
- Disputes that are in progress (status is `submitted` or `unsubmitted`) can’t be redacted. You must wait for the dispute to complete before redacting the associated object

> **Refunds and disputes** Redacted transactions can’t be refunded with the Refunds API. If your customer requests to redact their data and refund a transaction, first [refund the payment](https://docs.stripe.com/refunds.md) and then redact the API object.
> 
> *Customers* (Customer objects represent customers of your business. They let you reuse payment methods and give you the ability to track multiple payments) can dispute redacted transactions. Due to this, there is a 90 day dispute window before transactions are eligible for redaction. Stripe by default marks disputes on redacted transactions as `lost` (Dispute is created with `status: ‘lost’`) and you aren’t able to respond to this dispute. This is because responding to disputes requires to prove with customer data the legitimacy of the order (for example, user communications, web logs, personal address on shipping label).

### Redact a charge

```curl
curl -X POST https://api.stripe.com/v1/charges/ch_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact a PaymentIntent

[/v1/payment_intents/pi_…/redact](https://docs.stripe.com/api/payment_intents/redact.md)

```curl
curl -X POST https://api.stripe.com/v1/payment_intents/pi_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact a SetupIntent

```curl
curl -X POST https://api.stripe.com/v1/setup_intents/si_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact an invoice

[/v1/invoices/in_…/redact](https://docs.stripe.com/api/invoices/redact.md)

```curl
curl -X POST https://api.stripe.com/v1/invoices/in_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact a Checkout Session

[/v1/checkout/sessions/ppage_…/redact](https://docs.stripe.com/api/checkout/sessions/redact.md)

```curl
curl -X POST https://api.stripe.com/v1/checkout/sessions/ppage_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact a Radar value list item

```curl
curl -X POST https://api.stripe.com/v1/radar/value_list_items/rsli_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact a VerificationSession

[/v1/identity/verification_sessions/vs_…/redact](https://docs.stripe.com/api/identity/verification_sessions/redact.md)

```curl
curl -X POST https://api.stripe.com/v1/identity/verification_sessions/vs_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

In addition to the API, guest customers have a redact button in the Stripe Dashboard under the three dots when viewing them.
![](https://b.stripecdn.com/docs-statics-srv/assets/verification_session_redaction.9e9357ab19882ce7a3ef27862782688e.png)

### Redact a card

[/v1/issuing/cards/ic_…/redact](https://docs.stripe.com/api/issuing/cards/redact.md)

```curl
curl -X POST https://api.stripe.com/v1/issuing/cards/ic_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact a cardholder

[/v1/issuing/cardholders/ich_…/redact](https://docs.stripe.com/api/issuing/cardholders/redact.md)

```curl
curl -X POST https://api.stripe.com/v1/issuing/cardholders/ich_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

### Redact a guest customer

```curl
curl -X POST https://api.stripe.com/v1/guest_customers/gcus_xxxxxxxxx/redact \
  -u "<<YOUR_SECRET_KEY>>:" \
  -H "Stripe-Version: 2026-03-25.preview; redaction_api_beta=v1;"
```

In addition to the API, guest customers have a redact button in the Stripe Dashboard under the three dots when viewing them.
![](https://b.stripecdn.com/docs-statics-srv/assets/guest_customer_redaction.167bd57e9071ba5fe9395b87e758c03b.png)

## Delete each object representing the customer

Delete the Customer.

For this operation to succeed, you must redact all transactional objects associated with the customer.

### Redacting Customers with active Subscriptions

Subscription objects don’t store customer PII and therefore can’t be redacted.

When a Customer with an active subscription requests for their data to be redacted, you need to:

1. Cancel the subscription: `Stripe::Subscription.delete('sub_xxxxxxxxx')`
1. Redact each previous Invoice created by the Subscription
1. Delete the Customer object attached to this Subscription