Persona
Authentication & Authorization
Credentials
- Persona API authentication is performed via HTTP Bearer Authentication, using API key as the bearer token value.
- API Key can be obtained via Persona Dashboard (see Persona Connection Instructions).
- Publicly exposing your API keys can allow unauthorized access to the Persona API endpoints, and your Persona data by a third party. DataGrail stores your API keys encrypted and protected.
Permissions
API Keys may be assigned certain permissions that limit which API endpoints they can access.
Persona API Key for DataGrail should be configured with the next required permissions (see Persona Connection Instructions):
- inquiry.read (Read Inquiries)
- verification.read (Read Verifications)
- list.read (Read Lists)
Deletion
Additionally, if deletion capability is enabled, the following permissions must be set:
- inquiry.write (Create Inquiries)
- verification.write (Create/Update Verifications)
- list.write (Create/Update Lists)
Endpoints Utilized
DataGrail uses the following endpoint to validate that credentials are good based on a successful response:
- GET https://withpersona.com/api/v1/inquiries
Version
DataGrail Persona integration currently supports API version v1. It's linked to the latest released version.
Limits
Persona uses rate limiting to safeguard the stability of API. The default rate limiter allows up to 300 requests per minute timeframe. Any request over the limit will return a 429 Too Many Requests error.
DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).
Access
For an access request, DataGrail will take the following actions:
- List all organization's inquiries.
- Filter and collect inquiries by the Data Subject email.
- Retrieve the details of an existing verifications, related to the collected inquiries.
- List all organization's email lists.
- Retrieve the details of an existing email address list items.
- Filter and collect email items by the Data Subject email.
- For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.
Endpoints Utilized
- GET https://withpersona.com/api/v1/inquiries
- GET https://withpersona.com/api/v1/verifications/{verification_id}
- GET https://withpersona.com/api/v1/lists
- GET https://withpersona.com/api/v1/list-item/email-addresses/{item_id}
DataGrail also supports the Direct Contact Access workflow for Persona.
Deletion
For a deletion request, DataGrail will take the following actions:
- Run all data access steps to find objects that can be deleted (see Access). You can select which found objects you want to delete via our Portal Requests.
- Permanently delete personally identifiable information (PII) for an inquiry (and all associated verifications, reports, or other Persona resources).
- Permanently delete personally identifiable information (PII) for a verification.
- Archive an email address list item.
Endpoints Utilized
- DELETE https://withpersona.com/api/v1/inquiries/{inquiry_id}
- DELETE https://withpersona.com/api/v1/verifications/{verification_id}
- DELETE https://withpersona.com/api/v1/list-item/email-addresses/{item_id}
DataGrail also supports the Direct Contact Deletion workflow for Persona.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.