Register GDPR Request API: registerGdprRequest
The Register GDPR Request API plays a crucial role in GDPR compliance by enabling users to submit requests for accessing or forgetting their personal data. This functionality aligns with GDPR's "Right to Access" and "Right to Forget" principles. When a request is made, the API securely processes personal identifiers and registers the request to either retrieve (access) or erase (forget) the user's data. Its flexibility to handle different types of requests, like access or deletion, makes it an essential tool for maintaining GDPR compliance in data handling practices.
'Right to Access' Request
Retrieves all personal data for a specific customer using their identifier and provides it as a single downloadable ZIP file in AWS S3. The ZIP file contains multiple CSV files. After the request is submitted, it may take up to 24–48 hours to process and prepare the file.
API Endpoint and Method
URL Format
https://{GDPR_API_URL}/api/v1/gdpr/b2b/registerGdprRequest
Example URL
https://api-dev.algonomy.com/rcdpapi/api/v1/gdpr/b2b/registerGdprRequest
HTTP Method
POST
Request Header
Include the following parameters in your request header:
| Parameter | Type | Required or Optional | Description |
|---|---|---|---|
| access_token | String | Required | The OAuth token required for authentication. |
| tenant_hash | String | Required | The tenant’s unique hash provided by the customer success team. |
| reqParamValue | String | Required | Specifies the customer identification request parameter values (e.g., email, GCR ID). |
Request Body
{
"reqType":"access",
"reqParam":"{REQ_PARAM_IDENTIFER}",
"reqSource":"{REQUEST_SOURCE}"
}
In the request payload, the following parameters are used to specify key details for the GDPR request:
- reqType: Specifies the type of GDPR request: "access" for data access requests or "forget" for data deletion requests.
- reqParam: Defines the customer identification type, such as email, mobile number, or gcrid. Each API request must include at least one such customer identifier.
- reqSource: Describes the source of the request. It can be any valid string of up to 10 characters.
Available customer identifiers are:
| Customer Identifiers | Request Header Parameter |
|---|---|
| GCRID (Golden Customer Record ID generated by RCDP Application) | gcrId |
| Email address | |
| Mobile number | Mobile |
| External customer code | Customer |
Response Body
Successful request:
Returned when the request is submitted successfully.
HTTP status: 200 OK
{
"status": "OK",
"data":
{
"message": "Request submitted successfully.",
"trackingId": 595
}
}
Duplicate access request:
Returned when an access request already exists and is pending execution.
HTTP status: 500 Internal Server Error
{
"error": "Request already exist with tracking id:[399] and request status : [registered]"
}
Existing delete request pending:
Returned when a delete (forget) request already exists for the same customer and is pending execution.
HTTP status: 500 Internal Server Error
{
"error": "Request already exist for [forget] with tracking id:399, revoke the existing request before raising any new request."
}
Internal server error:
Returned when an error occurs during request submission.
HTTP status: 500 Internal Server Error
{
"error": "Internal server error while registering the request."
}
Variables
| Variable name | Type | Description |
|---|---|---|
| {B2B_URL} | API endpoint URL | Provided by Algonomy for stage and production environments |
| {TENANT_HASH} | Request header | Provided by Algonomy |
| reqParamValue | String | Specifies the request parameter values. |
‘Right to Forget’ Request
Important: The ‘Right to Forget’ request will completely erase the customer identification information from the system, and it cannot be rolled back once it has been executed successfully.
API Endpoint and Method
URL Format
https://{GDPR_API_URL}/api/v1/gdpr/b2b/registerGdprRequest
Example URL
https://api-dev.algonomy.com/rcdpapi/api/v1/gdpr/b2b/registerGdprRequest
HTTP Method
POST
Request Header
Include the following parameters in your request header:
| Parameter | Type | Required or Optional | Description |
|---|---|---|---|
| access_token | String | Required | Specifies the access token from the create token API. |
| tenant_hash | String | Required | Specifies tenant hash shared with the tenant. |
| reqParamValue | String | Required | Specifies the request parameter values. |
Request Body
{
"reqType":"forget",
"reqParam":"gcrid",
"reqSource":"test_1"
}
In the request payload, the following parameters are used to specify key details for the GDPR request:
- reqType: Specifies the type of GDPR request: "access" for data access requests or "forget" for data deletion requests.
- reqParam: Defines the customer identification type, such as email, mobile number, or gcrid. Each API request must include at least one such customer identifier.
- reqSource: Describes the source of the request. It can be any valid string of up to 10 characters.
Available customer identifiers are:
| Customer Identifiers | Request Header Parameter |
|---|---|
| GCRID (Golden Customer Record ID generated by RCDP Application) | gcrId |
| Email address | |
| Mobile number | Mobile |
| External customer code | Customer |
Response Body
A successful request returns “200 – OK” with the following response body.
{
"status": "OK",
"data":
{
"message": "Request submitted successfully.",
"trackingId": 595
}
}
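The following is an added example, not Algonomy's code. It validates the request body described in both the 'Right to Access' and 'Right to Forget' sections and classifies the documented responses, because the duplicate and pending-forget conflicts share HTTP 500 with genuine server errors and can only be told apart by the error text. The helper names, the outcome labels and the `confirm_forget` guard are assumptions of this example; the error strings it matches are the sample responses shown on this page.

```python
import json
import re

# Values below come from this page's field descriptions and sample responses.
REQ_TYPES = {"access", "forget"}
MAX_REQ_SOURCE_LEN = 10
TRACKING_ID = re.compile(r"tracking id:\[?(\d+)\]?")


def build_payload(req_type, req_param, req_source, confirm_forget=False):
    """Validate body fields before POSTing (hypothetical helper)."""
    if req_type not in REQ_TYPES:
        raise ValueError("reqType must be 'access' or 'forget'")
    if not req_param:
        raise ValueError("reqParam (customer identifier type) is required")
    if not isinstance(req_source, str) or len(req_source) > MAX_REQ_SOURCE_LEN:
        raise ValueError("reqSource must be a string of at most 10 characters")
    if req_type == "forget" and not confirm_forget:
        # Erasure cannot be rolled back, so the caller must opt in explicitly.
        raise ValueError("forget requests require confirm_forget=True")
    return {"reqType": req_type, "reqParam": req_param, "reqSource": req_source}


def classify_response(status_code, body_text):
    """Return (outcome, tracking_id); outcome labels are this example's own."""
    try:
        body = json.loads(body_text)
    except ValueError:
        return ("unparseable", None)
    if not isinstance(body, dict):
        return ("unparseable", None)
    if status_code == 200 and body.get("status") == "OK":
        return ("submitted", (body.get("data") or {}).get("trackingId"))
    error = str(body.get("error", ""))
    match = TRACKING_ID.search(error)
    tracking_id = int(match.group(1)) if match else None
    if error.startswith("Request already exist"):
        # Both conflict cases arrive as HTTP 500; only the text tells them apart.
        if "for [forget]" in error:
            return ("blocked_by_pending_forget", tracking_id)
        return ("duplicate_pending", tracking_id)
    return ("server_error", None)


if __name__ == "__main__":
    # Sample body copied from the duplicate-access response on this page.
    dup = '{"error": "Request already exist with tracking id:[399] and request status : [registered]"}'
    print(build_payload("access", "gcrid", "portal"))
    print(classify_response(500, dup))
```

Treat only `server_error` as retryable; the two conflict outcomes carry the tracking ID of the request that is already pending.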