Skip to main content
POST
/
v1
/
receipts
/
{id}
/
redact
Redact receipt
curl --request POST \
  --url https://api.truthlocks.com/v1/receipts/{id}/redact \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "fields": [
    "<string>"
  ],
  "reason": "<string>"
}
'
{
  "receipt_id": "<string>",
  "status": "<string>",
  "redacted_fields": [
    "<string>"
  ]
}
Removes PII from a receipt’s payload while preserving the cryptographic proof. The receipt’s signature, transparency log entry, and Merkle inclusion proof remain intact — only the payload_json is replaced with a redaction marker. Use this for GDPR right-to-erasure requests on receipts containing personal data.
Redaction is permanent. The original payload cannot be restored. The cryptographic proof remains valid for audit purposes.

Path parameters

id
string
required
UUID of the receipt to redact.

Headers

Idempotency-Key
string
required
UUID for idempotent redaction.

Response

receipt_id
string
UUID of the redacted receipt.
status
string
redacted
redacted_at
string
ISO 8601 timestamp of redaction.

What changes after redaction

  • statusredacted
  • payload_json{"redacted": true, "redacted_by": "tenant_request"}
  • A RECEIPT_REDACT event is anchored in the transparency log
  • All other fields (signature, log proof, receipt_type) are preserved

Authorizations

X-API-Key
string
header
required

API key for machine-to-machine authentication

Path Parameters

id
string
required

Receipt UUID

Body

application/json
fields
string[]
required

JSON paths of fields to redact

reason
string

Redaction reason

Response

Receipt redacted

receipt_id
string
status
string
redacted_fields
string[]