What is the DROP API? How data brokers respond to deletion requests
· 2 min read · DROP Privacy
What is the DROP API?
The DROP API is the programmatic interface to California's Delete Request and Opt-out Platform (DROP) — the state system created by the Delete Act (SB 362). It's how a registered data broker pulls the outstanding deletion requests and submits its responses each cycle, instead of doing any of it by hand. If the DROP platform is the front door for consumers, the DROP API is the loading dock for brokers.
What does a data broker do with the DROP API?
Across a single 45-day cycle, the API is used to:
- Download the request batch — the current list of consumers who must be deleted, in a hashed form.
- Submit responses — report the outcome for each record (deleted, exempt, opted-out, not found).
- Submit corrections — amend a previous response when something needs to change.
The important detail is that the request and response data is exchanged as hashes, statuses, and metadata — not raw consumer personal information. That's what lets a broker comply without taking on new PII exposure.
What's the difference between a response and a correction?
A response is your first answer for a record in a given cycle. A correction is a change to an answer you already submitted — and it goes through a separate amend path, not by re-uploading the original response. Mixing the two up is a common integration mistake: re-submitting where you should amend can double-act or get rejected.
Why the DROP API is harder than it looks
The API itself is just an interface — the hard part is everything around it:
- Exact, reproducible hashing. Your responses only match if your identifiers are normalized and hashed the same way the platform expects, byte-for-byte. A small mismatch silently destroys your match rate.
- Idempotency. Re-running a cycle must never double-respond. Submissions have to be safe to retry.
- Scale. Brokers can hold hundreds of millions of records; downloading, matching, and responding has to stay fast and survive a crash mid-cycle.
- Proof. Every submission should be written to a tamper-evident audit log so you can later show exactly what you reported and when.
The DROP API is a small surface with strict rules. Most of the engineering effort is in getting hashing, idempotency, and proof right — not in the HTTP calls.
You don't have to integrate it yourself
DROP Privacy talks to the DROP API for you — downloading each batch, matching it against a privacy-preserving index, submitting responses and corrections through their correct endpoints, suppressing matched consumers forward, and sealing a tamper-evident proof of deletion. See how it works, review the security model, or request a demo to watch a full cycle — API calls included — run end to end.
See DROP Privacy run a full Delete Act cycle on sample data. Request a demo →