General Data Protection Regulation (GDPR) APIs

Getting Started with GDPR APIs

The General Data Protection Regulation (GDPR) APIs provide essential tools for managing personal data under EU regulations. These APIs are critical for handling 'Right to Access' and 'Right to Forget' requests, ensuring that customer data is managed securely and in compliance with privacy standards.

The GDPR APIs in the Real-time CDP allow companies to handle sensitive data with transparency and control, crucial for businesses in the retail, marketing, and customer data analytics industries.

Authentication Scope

The GDPR APIs employ OAuth 2.0 for secure authentication, which is an industry-standard protocol for secure access. OAuth ensures that API calls are made securely and with temporary access tokens that have a limited scope and duration. This approach enhances compliance with security regulations.

To use the GDPR APIs, you must first generate OAuth access tokens, which provide secure temporary access to the APIs.

Note: For more information about creating and updating an OAuth access token, see API Authentication.

Obtaining Access Tokens

To interact with the GDPR APIs, it is necessary to first obtain an OAuth access token. Access tokens are essential for API calls and are generated by sending a request that includes specific parameters like the API URL, resources, tenant hash, and OAuth key secret.

Creating an access token requires the following details:

• API URL

• List of GDPR APIs

• Tenant_hash

• OAuth_key_secret

API URL

The API URL, necessary for token generation, can be obtained through your Customer Success Manager (CSM) or the Algonomy support team.

List of GDPR APIs

Access tokens are specific to resources. The available resources for GDPR APIs include registerGdprRequest, revokeGdprActions, and gdprRequestStatus. You can specify one or multiple resources in your token request. To include multiple resources in the payload, separate them with commas.

The following APIs are available to implement GDPR requests in Real-time CDP:

Resources	Description
registerGdprRequest	Register a GDPR access or forget request.
revokeGdprActions	Revoke a previously submitted GDPR request.
gdprRequestStatus	Check the status of a submitted GDPR request.

Tenant_hash

You can obtain your tenant_hash by contacting your Customer Success Manager (CSM) or the Algonomy support team.

OAuth_key_secret

Note: OAuth_key_secret is required if the tenant is enabled with B2B API OAuth authentication.

You can obtain your OAuth_key_secret (OAuth secret key) by contacting your Customer Success Manager (CSM) or the Algonomy support team.

There is a soft limit on the number of tokens that can be generated for GDPR B2B APIs daily. The soft limit is 100, but it can be increased as needed. CSM or Algonomy support team for assistance.

List of GDPR APIs

The following GDPR APIs are available to implement the "Right to access'' and ''Right to forget'' requests in Real-time CDP:

• Register GDPR Request API: registerGdprRequest

• Revoke GDPR Actions API: revokeGdprActions

• GDPR Request Status API: gdprRequestStatus