/cloud/webhooks/automate-right-to-erasure.md

Explains how to automate Right to Erasure requests with webhooks and Open Cloud APIs for data stores.

Workflow

Configure a webhook with third-party integration

Set up a server

Configure a webhook on Roblox

Configure a bot

Create an Open Cloud API key

Obtain identifiers of experiences and places

Add scripts

Test

Automate right to erasure requests

Experiences

Avatar

Assets

Samples and projects

Engine API

Open Cloud API

Studio

Analytics

Platform

Tutorials

Creator programs

Education

Courses

Learn

This method is asynchronous and returns an `Operation`, which represents the current state of the operation. It contains an endpoint path that you can poll to obtain the real response and applicable metadata. See the [documentation]({longRunningOperationsLink}) on long-running operations for more information.
            
The following sections describe the response and metadata objects that are provided when an operation completes.

Beta endpoints are ready for public use. Breaking changes are possible but rare.

These Open Cloud documentation pages will be removed on March 31, 2026. You will be automatically redirected to the new Open Cloud documentation at that time. {linkStart}Learn more{linkEnd}

These old Open Cloud pages will be removed and redirected on March 31, 2026. {linkStart}Learn more{linkEnd}

Experimental endpoints are ready for public use, but may experience breaking changes occasionally as the API contract is finalized.

This endpoint can be called in-experience through {httpServiceLinkStart}HttpService{httpServiceLinkEnd} with an API key.

This field may be set when creating a resource, but may not be modified by subsequent requests.

These fields may be set when creating a resource, but may not be modified by subsequent requests.

This field may be provided in requests, but will never be included in responses.

Legacy authentication method. Always prefer using API Key or OAuth 2.0 when available.

Per API Key: {maxInPeriod} requests every {periodInSeconds} seconds per IP Address

Requires no authentication to call. Typically has significantly lowered rate limits. Always prefer using API Key or OAuth 2.0 when available.

For each grouping, only one of the following fields in the schema has to be provided, the remaining can be excluded.

You can opt back in at any time. {linkStart}Provide feedback.{linkEnd}

You are viewing the old docs. {linkStart}Provide feedback.{linkEnd}

You can opt out at any time and be redirected back to the old reference pages. {linkStart}Provide feedback.{linkEnd}

You are viewing the revamped docs. {linkStart}Provide feedback.{linkEnd}

This field may be set on responses, but will be ignored in requests.

Note: Rate limits can be lower during high-traffic periods. Certain endpoints have additional rate limits. [Learn more about rate limits]({link}).

{limit} requests per day across all API keys for a user or group

{limit} requests per hour across all API keys for a user or group

{limit} requests per minute across all API keys for a user or group

{limit} requests per second across all API keys for a user or group

{limit} requests per minute per API key owner

{limit} request(s) per second per API key owner

Scopes control what permissions your credentials have. Your credentials can only access the endpoints supported by the scopes you selected.

Stable endpoints are production-ready and will almost never experience breaking changes during their lifetime.

This target enables you to limit your key's access to selected {requiredParts}

This target enables you to limit your key's access to selected {requiredParts} and {optionalParts}

Target types are used to restrict the resources that your credentials have permissions on. Only the selected resources can be acted on even if your account has permissions on additional resources. Some scopes do not have target parts. In these cases, all of your relevant resources can be acted on.

The universe Top Level Part does not need to be selected for user-owned API Keys. In this case, your API Key will have access to all of your user-owned experiences and group-owned experiences that you have the right group permissions on.

Try It Out is not yet supported for endpoints requiring API key or OAuth 2.0 authentication

Cookie authentication is disabled for high risk operations for safety.

Critical risk endpoints are extremely sensitive and Try It Out is disabled for safety

Note: Authentication headers are not included in this code sample. You may need to add an authentication header for this command to work.

This is a high risk endpoint that can modify or delete critical data. Use extreme caution when testing.

This API endpoint has been classified as HIGH RISK and may affect live data or user accounts.

Authenticated requests to high-risk APIs can make changes that cannot be undone. Please review your request parameters carefully before proceeding.

Please login to use cookie authentication

This is a low risk endpoint that retrieves data. This is generally safe to test.

This is a medium risk endpoint that modifies data. Test carefully with non-critical accounts, as changes may be permanent.

To keep your account safe, never paste text here from other sources or send information from this page to others.

You are about to test live API endpoints using your actual account credentials.

Only proceed if you understand the implications of the API calls you're about to make. Review the API documentation carefully before testing.

API calls will be made using your authenticated session

These are real API calls that may affect your account or data

Rate limits and other API restrictions apply

Some operations may modify or delete data

This endpoint has been superseded by these recommended alternative endpoints:

The following scopes are required to call this endpoint. For more
information on generating proper keys, see [Manage API keys]({apiKeyReferenceDocLink}).

For more information on generating keys, see [Manage API keys]({apiKeyReferenceDocLink}).

The following endpoints are available at paths relative to the base URL.

This string is formatted as a [FieldMask](/cloud/reference/types#fieldmask).

A JSON value can be `null`, `boolean`, `string`, `number`, `array`, or `object`.

The following scopes are required for your OAuth 2.0 application to use this endpoint. For more information on how to register an OAuth 2.0 application, see [App registration and review]({oauth2ReferenceDocLink}).

For more information on how to register an OAuth 2.0 application, see [App registration and review]({oauth2ReferenceDocLink}).

The following objects describe payloads that are accepted or returned. See each individual endpoint for more information on when these objects are used.

The following scopes are required to call this endpoint.

Resource Paths

This string is formatted as a [Timestamp](/cloud/reference/types#timestamp).

The following scopes are required for your OAuth 2.0 application to use this endpoint. For more information on how to register an OAuth 2.0 application, see [App Registration and Review]({oauth2ReferenceDocLink}).

Not Recommended

You are viewing the revamped Open Cloud reference.

You've opted out of the new Open Cloud reference.

This allows viewing information about your assets.

This allows uploading and updating assets to Roblox.

This allows viewing asset permissions for subjects (including groups and experiences) and assets your account has access to.

This allows granting asset permissions to any subjects (including groups and experiences) and assets your account has access to.

This allows you to view the status and results of avatar auto-setup jobs on your behalf.

This allows you to create and manage avatar auto-setup jobs on your behalf.

Grants the ability to update badges owned by the user.

This allows viewing information about your commerce items.

This allows making changes to your synced commerce items.

This allows viewing information about your commerce merchant connections.

This allows editing of your commerce merchant connections.

This allows you to view information about your Creator Store products.

This allows you to modify information about your Creator Store products.

This allows you to view information about your Creator Store saves.

This allows you to modify information about your Creator Store saves.

Grants access to create data stores on your behalf.

Grants access to delete data stores on your behalf.

Grants access to read a list of data stores.

Grants access to take a snapshot of your data stores.

Grants access to create entries in your data stores.

Grants access to mark specified entries for deletion.

Grants access to list your data store's entries.

Grants access to read specified entries in your data stores.

Grants access to update the value, attributes, and users of an entry.

Grants access to delete revisions of your data store's entries.

Grants access to list revisions for your data store's entries.

Grants access to read revisions of your data store's entries.

Grants access to view configuration details for the authorized user's developer products.

Grants access to edit the authorized user's developer products.

This allows viewing information about your universe's environments.

This allows editing of your universe's environments.

Grants access to view configuration details for the authorized user's game passes.

Grants access to edit the authorized user's game passes.

Grants access to view community forums information for your account.

Grants access to manage community forums information for your account.

This allows viewing information about your communities.

This allows you to manage community join requests and role updates of lower-ranked community members for your account.

Allows you to view an instance's property data.

Allows you to modify the property data of instances (currently only supports Scripts).

This allows viewing information about your inventory.

Grants access to manage your badges and spend Robux.

Grants access to update the authorized user's badges.

Grants access to manage your developer products.

Grants access to read information about the experiences you have notifications on for.

Grants access to turn on or off notifications for experiences on your behalf.

Grants access to manage your communities.

Grants permission to read community information.

Grants access to read and write your localization tables

Grants access to manage team collaboration for all experiences you own.

Grants access to manage your experiences and certain information associated with your experiences (e.g. localization information).

Grants access to read your experiences' localization information.

Grants access to modify your experiences' localization preferences.

Grants access to manage your user account.

Grants access to modify user localization preferences.

Allows you to view the status, logs, and results of Luau execution tasks for the associated place.

Allows you to create new Luau execution tasks for the associated place.

Grants access to asynchronously flush all data structures in the universe.

Grants access to discard read items from the front of the queue.

Grants access to read items at the front of the queue.

Grants access to read your memory store items.

Grants access to create, update, and delete map items.

This grants the ability to publish messages on behalf of users.

This allows sending notifications from your experience to users.

(Deprecated) Grants access to read a list of entries in an ordered data store.

(Deprecated) Grants access to create a new entry in an ordered data store.

Grants access to list entries from an ordered data store.

Grants access to create entries in an ordered data store.

This allows listing secrets associated with your experience.

This allows creating and updating secrets associated with your experience.

This permission allows you to submit an evaluation job and view the job result.

Grants access to read about your subscription products.

This allows you to read thumbnail information on your behalf.

Grants the ability to read place information.

Grants the ability to edit place information.

Grants access to publish new versions of experiences to Roblox.

Grants the ability to read experience information.

Grants access to edit the authorized user's experiences.

Allows you to view user restrictions in the experience.

Allows you to edit user restrictions in the experience.

This allows viewing notifications sent to your account.

Grants the ability to read the authorized user's premium and verified status.

This allows you to view the authorized user's social accounts.

This enables Single Sign-On functionality.

This grants access to read your profile information.

This function returns immediately if possible, but can yield the thread that called it until it can return a value.

Learn more about {linkStart}capabilities{linkEnd}.

{nameStart}name{nameEnd} is no longer supported or maintained by Roblox.

This endpoint is no longer supported or maintained by Roblox.

This math operation is no longer supported or maintained by Roblox.

This member doesn’t appear in the object browser and is not intended for widespread use.

This member is only accessible only through the command bar. Attempting to access this member from scripts causes an error.

This function can’t pause the Lua thread that called it.

Attempting to access this member in scripts causes an error. You might be able to access this member from Roblox Studio's property window.

This member doesn’t appear in Roblox Studio’s Object Browser.

You can’t create an instance of this class with the Instance.new constructor.

Roblox does not replicate this member across its server-client boundary.

Lua code can’t access this member. You might be able to change its value from the property window in Roblox Studio.

This member is accessible from OpenCloud Luau execution tasks.

This object’s replication behavior is dependent on the player who owns it.

This member is accessible through the command bar and plugins. Attempting to access this member from scripts causes an error.

This member is read only. Attempting to write to this member causes an error.

This property is read-only and is safe to read in unsynchronized threads. Attempting to write to it causes an error.

There are alternative endpoints available that supersede this endpoint.

This member is accessible only in CoreScripts.

Only Roblox CoreScripts can access this member, and it isn’t usable by Players.

You can read and write to this property safely from multiple threads.

This class is a top-level singleton. Retrieve an instance of this class with the GetService function.

Can be accessed within callbacks bound via {link1Start}RunService:BindToSimulation(){link1End}. Participates in rollbacks. See {link2Start}server authority{link2End}.

Multiple threads can potentially write to this property, so it’s unsafe to read from unsynchronized threads.

This function pauses the Lua thread that called it until it returns a result. This doesn’t interrupt other scripts.

Manage and analyze all your experiences in one convenient place.

Documentation and resources for all creators.

Learn how to create Roblox experiences with guides, tutorials, and code samples.

Build your experiences in Studio, our all-in-one IDE, and deploy to a wide variety of devices.