Clarification on Data Compliance API

Is Data Compliance API a hard requirement for an already published application if we only change the scopes? The app was published before Data Compliance API was introduced. Our application already deletes user data properly as required, it just doesn’t invoke the appropriate API to notify about it.

I already asked this previously here:

Good question, I believe you need to implement the Data Compliance API. Abe can confirm that once you are in the app update process.

However, I am asked to find this all out before we are in the app update process. Additional question: are there some sort of sanctions for not following the process correctly (for whatever reasons, for example, a network error or a bug)? I assume API calls are monitored?

Thank you very much in advance.

Hey @konstantin.geyst,

Yes we will ask you to implement the Data Compliance Deauth flow. It is pretty simple, just a webhook sent to your server, and you make an API request.

Thanks for your understanding,