Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Planhat

Authentication & Authorization

Credentials

  • Planhat connects via Basic Authentication using a special API Token as credentials.
  • API Token is set with the HTTP Authorization request header.
  • Your API Token can be created in the Service Accounts under the Settings section (see Planhat Connection Instructions).
  • Publicly exposing your API credentials can allow unauthorized access to the Planhat API endpoints, and your Planhat data by a third party. DataGrail stores your API credentials encrypted and protected.

Permissions

API Access Tokens are static tokens that belong to a Service Account, meaning that whatever operation performed with this token, will appear as a Service Account action. It is possible to limit the access scope for an API Access Token by configuring permissions on the Service Account level.

Endpoints Utilized

DataGrail uses the following endpoint to validate that credentials are good based on a successful response:

  • GET https://api.planhat.com/endusers

Limits

Planhat comes with a quota (soft limit) of 200 API calls per minute. The hard limit is 150 requests per second with bursts of up to 50 parallel requests.

  • DataGrail supports requests throttling to stay within 70-80% of specified service rate limits.
  • DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Access

For an access request, DataGrail will take the following actions:

  • Search endusers by the Data Subject email or end user ID.
  • For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.

Endpoints Utilized

  • GET https://api.planhat.com/endusers
note

DataGrail also supports the Direct Contact Access workflow for Planhat.

Deletion

For a deletion request, DataGrail will take the following actions:

Endpoints Utilized

  • GET https://api.planhat.com/endusers
  • DELETE https://api.planhat.com/endusers/{id}
note

DataGrail also supports the Direct Contact Deletion workflow for Planhat.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.