Bazaarvoice

Authentication & Authorization

Credentials

• Bazaarvoice connects via OAuth 2.0 with Client Credentials Grant Flow.

• Client ID, Client Secret credentials and API Passkey can be obtained with Bazaarvoice Developer Tools under Administration (see the DataGrail Help Docs).

• An access token obtained with a Client Credentials grant expires. DataGrail updates the access token after it expires to keep the connection alive.

• Publicly exposing your API credentials can allow unauthorized access to the Bazaarvoice API endpoints, and your Bazaarvoice data by a third party. DataGrail stores your API keys encrypted and protected.

Scopes

Authorization scopes let you specify exactly what type and level of access your application requires. DataGrail requests only one specific scope during the authentication process:

• offline_access

Endpoints Utilized

• Get and refresh access token:

  • POST https://api.bazaarvoice.com/auth/v1/oauth2/token

• DataGrail uses the following endpoint to validate that the connection is good based on a successful response:

  • GET https://api.bazaarvoice.com/privacy/v1/accessRequests

Version

DataGrail Bazaarvoice integration currently supports API version 1 (v1).

Limits

DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Access

For an access request, DataGrail will take the following actions:

• Submitting a right of access request using Data Subject email as an individual's email address.

• Retrieve an access request status by ID

• Download and unpack PII data if access request status is “COMPLETED”.

• For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.

DataGrail also supports the Direct Contact Access workflow for Bazaarvoice integration.

Endpoints Utilized

• POST https://api.bazaarvoice.com/privacy/v1/accessRequests

• GET https://api.bazaarvoice.com/privacy/v1/accessRequests/{accessRequestId}

• GET https://privacy-downloads.prod.bazaarvoice.com/uat/requests/{uniqueId}.zip

Deletion

For a deletion request, DataGrail will take the following actions:

• Create a new forget requests resource to trigger the deletion of an end-user's data.

• Retrieve a forget request status by ID

• Complete deletion process if forget request status is “COMPLETED”.

DataGrail also supports the Direct Contact Deletion workflow for Bazaarvoice integration.

Endpoints Utilized

• POST https://api.bazaarvoice.com/privacy/v1/forgetRequests

• GET https://api.bazaarvoice.com/privacy/v1/forgetRequests/{forgetRequestId}