Register GDPR Request API: registerGdprRequest

The Register GDPR Request API plays a crucial role in GDPR compliance by enabling users to submit requests for accessing or forgetting their personal data. This functionality aligns with GDPR's "Right to Access" and "Right to Forget" principles. When a request is made, the API securely processes personal identifiers and registers the request to either retrieve (access) or erase (forget) the user's data. Its flexibility to handle different types of requests, like access or deletion, makes it an essential tool for maintaining GDPR compliance in data handling practices.

Note: By default, Real-time CDP processes all the captured requests daily at midnight, according to your time zone. If you wish to modify the processing frequency, please contact your Customer Success Manager (CSM) or the Algonomy support team for assistance.

'Right to Access' Request

API Endpoint and Method

URL Format

Copy 
https://{GDPR_API_URL}/api/v1/gdpr/b2b/registerGdprRequest

Example URL

Copy 
https://api-dev.algonomy.com/rcdpapi/api/v1/gdpr/b2b/registerGdprRequest

HTTP Method

POST

Note: To get the {GDPR_API_URL} contact your CSM or Algonomy support team.

Request Header

Include the following parameters in your request header:

Parameter

 Type Required or Optional

Description
access_token

String

Required

 The OAuth token required for authentication.
tenant_hash

String

Required

 The tenant’s unique hash provided by the customer success team.

reqParamValue

String

Required

Specifies the customer identification request parameter values (e.g., email, GCR ID).

Note: In Request Body, for a given reqParam type, the corresponding reqParamValue should be given into the header. reqParamValue can be sensitive data hence it is a part of request header.

Request Body

Copy 
{
"reqType":"access",
"reqParam":"gcrid",
"reqSource":"test_1"
}

In the request payload, the following parameters are used to specify key details for the GDPR request:

  • reqType: Specifies the type of GDPR request. This field is critical for indicating the nature of the original request, such as "access" for data access requests or "forget" for data deletion requests.

  • reqParam: Defines the customer identification type such as email, mobile number, gcrid. It is necessary to include at least one such customer identifier in each API request.

  • reqSource: Describes the source of the request, which can support up to a 10-character string and can be any valid string.

Available customer identifiers are:

Customer Identifiers

 Request Header Parameter

GCRID

(Golden Customer Record ID generated by RCDP Application)

gcrId
Email address

Email

Mobile number

Mobile

External customer code

Customer

Response Body

A successful request returns “200 – OK” along with the following retrieved data as response.

Copy 
{
"status": "OK",
"data":
      {
      "message": "Request submitted successfully.",
      "trackingId": 595
      }
}

Note: Ensure that you are provided “trackingId” in the response to track the status of the created GDPR forget/access request using the gdprRequestStatus API.

‘Right to Forget’ Request

Important: The ‘Right to Forget’ request will completely erase the customer identification information from the system, and it cannot be rolled back once it has been executed successfully.

API Endpoint and Method

URL Format

Copy 
https://{GDPR_API_URL}/api/v1/gdpr/b2b/registerGdprRequest

Example URL

Copy 
https://api-dev.algonomy.com/rcdpapi/api/v1/gdpr/b2b/registerGdprRequest

HTTP Method

POST

Note: To get the {GDPR_API_URL} contact your CSM or Algonomy support team.

Request Header

Include the following parameters in your request header:

Parameter

 Type Required or Optional

Description
access_token

String

Required

 Specifies the access token from the create token API.
tenant_hash

String

Required

 Specifies tenant hash shared with the tenant.

reqParamValue

String

Required

Specifies the request parameter values.

Note: In Request Body, for a given reqParam type, the corresponding reqParamValue should be given into the header. reqParamValue can be sensitive data hence it is part of the request header.

Request Body

Copy 
{
"reqType":"forget",
"reqParam":"gcrid",
"reqSource":"test_1"
}

In the request payload, the following parameters are used to specify key details for the GDPR request:

  • reqType: Specifies the type of GDPR request. This field is critical for indicating the nature of the original request, such as "access" for data access requests or "forget" for data deletion requests.

  • reqParam: Defines the customer identification type such as email, mobile number, gcrid. It is necessary to include at least one such customer identifier in each API request.

  • reqSource: Describes the source of the request, which can support up to a 10-character string and can be any valid string.

Available customer identifiers are:

Customer Identifiers

 Request Header Parameter

GCRID

(Golden Customer Record ID generated by RCDP Application)

gcrId
Email address

Email

Mobile number

Mobile

External customer code

Customer

Response Body

A successful request returns “200 – OK” along with the following retrieved data as response.

Copy 
{
"status": "OK",
"data":
      {
      "message": "Request submitted successfully.",
      "trackingId": 595
      }
}

Note: Ensure that you receive a trackingId in the response. This identifier is essential for tracking the status of the created GDPR forget/access request using the gdprRequestStatus API.