Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Optimizely

Authentication & Authorization

Credentials

  • Optimizely connects via OAuth 2.0 with authorization code grant flow.
  • Client ID and Client Secret credentials can be obtained during the setup of the Optimizely application. See Optimizely Connection Instructions.
  • DataGrail uses Refresh Token Flow to periodically update access token after it expires to keep the connection alive.
  • Publicly exposing your API credentials can allow unauthorized access to the Optimizely API endpoints, and your Optimizely data by a third party. DataGrail stores your API credentials encrypted and protected.

Scopes

Optimizely API requires specific scopes that need to be approved by you in order to grant DataGrail read on certain objects necessary to complete privacy requests:

  • Read Optimizely data.
  • Write Optimizely data.
  • Have offline access.

Endpoints Utilized

  • Request authorization:
    • GET https://app.optimizely.com/oauth2/authorize
  • Get and refresh access token:
    • POST https://app.optimizely.com/oauth2/token
  • Validate that credentials are good based on a successful response:
    • GET https://api.optimizely.com/v2/me

Version

DataGrail integration currently supports Optimizely API version 2 (v2).

Limits

Optimizely API uses rate limits per organization.

DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Access

For an access request, DataGrail will take the following actions:

  • Submit Subject Access Request. This will schedule an Optimizely job that will finds all data stored in Optimizely systems associated to the the Data Subject email.
  • Create a scheduling task for regular checking access status in Optimizely using the get request status by ID call.
  • Access request will be in the processing status on DataGrail side until Optimizely exports personal data to an AWS S3 bucket for an access.
  • For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.

Endpoints Utilized

  • POST https://api.optimizely.com/v2/subject-access-requests
  • GET https://api.optimizely.com/v2/subject-access-requests/{id}
note

DataGrail also supports the Direct Contact Access workflow for Optimizely.

Deletion

For a deletion request, DataGrail will take the following actions:

  • Submit Subject Deletion Request. This will schedule an Optimizely deletion job that will remove all data within an account that is associated to the Data Subject email.
  • Create a scheduling task for regular checking deletion status in Optimizely using the get request status by ID call.
  • Deletion request will be in the processing status on DataGrail side until Optimizely deletes the requested personal data.

Endpoints Utilized

  • POST https://api.optimizely.com/v2/subject-access-requests
  • GET https://api.optimizely.com/v2/subject-access-requests/{id}
note

DataGrail also supports the Direct Contact Deletion workflow for Optimizely.

tip

All access and deletion requests submitted by DataGrail integration can be monitored via Optimizely application dashboard: Account Setting -> Access or Deletion Requests.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.