Intake API

The DataGrail DSR intake API is built to enable customers and integration partners to programmatically create and manage privacy requests from anywhere. Whether originating from a web or mobile application or a bulk upload through a script, you can create a DSR in the DataGrail platform from wherever you see fit.

API Conventions

All URLs listed in the documentation should have the same base URL that precedes each route. This consists of your organization's DataGrail URL along with the API version:

https://${yourDataGrailDomain}/api/v1

For example, if your DataGrail URL is camelot.datagrail.io, each endpoint will be preceded with:

https://camelot.datagrail.io/api/v1

Authentication

The DataGrail API uses API keys to authenticate requests. Please reach out to your DataGrail CSM directly for an API key at support@datagrail.io.

Authentication to the API is performed by passing your API token in the Authorization header using the Bearer Scheme: Authorization: Bearer <api_key>

All API requests must be made over HTTPS.

You can test if your credentials are valid, by sending a GET request to the /ping endpoint.

A successful response will be an empty request with status 200

Shell

curl -i "https://${yourDataGrailDomain}/api/v1/ping" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <api_key>"

Ruby

require 'HTTParty'
base_url = 'https://${yourDataGrailDomain}/api/v1'
HTTParty.get("#{base_url}/ping", headers: { 'Authorization' => "Bearer #{api_key}" })

Python

import requests
base_url = 'https://${yourDataGrailDomain}/api/v1'
requests.get('{}/ping'.format(base_url), headers = { 'Authorization': 'Bearer {}'.format(api_key) })

info

The above command returns a response with no content and a status code of 200.

Create a Privacy Request

Creates a privacy request to access or delete personal data.

A privacy request is a request for access or deletion of personal data that is made directly from a data subject, data processor on behalf of a data subject, or any other avenue that pertains to your supported dynamic policies.

Endpoint

POST /privacy_requests

Parameters

Parameter	Required	Description
privacy_right	true	access, access_categories, or deletion
identifiers	true	JSON object that contains values used to identify personal data
custom	false	JSON object containing any custom data associated with the privacy request

Identifiers

Supports an array with a single email:

{ "emails": ["guinevere@camelotknights.com"] }

Custom

Values can be strings, numbers, arrays, booleans, or null.

Example custom data can be seen below.

Shell

curl -XPOST "https://${yourDataGrailDomain}/api/v1/privacy_requests" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <api_key>" \
  -d '{
      "privacy_right": "access",
      "custom": {
        "first_name": "Queen",
        "last_name": "Guinevere",
        "phone_numbers": ["555-555-1234", "555-555-5678"],
        "country": "Britain",
        "app_id": "holy_grail_app",
        "user_id": "123abc",
        "notes": "Apple Account Deletion", 
        "origin": "iOS"
      },
      "identifiers": {
        "emails": ["guinevere@camelotknights.com"]
      }
  }'

Ruby

require 'HTTParty'
base_url = 'https://${yourDataGrailDomain}/api/v1'
HTTParty.post(
  "#{base_url}/privacy_requests",
  headers: { 'Authorization' => "Bearer #{api_key}" },
  body: {
    privacy_right: 'access',
    custom: { 
      "first_name": "Queen",
      "last_name": "Guinevere",
      "phone_numbers": ["555-555-1234", "555-555-5678"],
      "country": "Britain",
      "app_id": "holy_grail_app",
      "user_id": "123abc",
      "notes": "Apple Account Deletion",
      "origin": "iOS"
  },
    identifiers: {
      emails: ['guinevere@camelotknights.com']
    },
  }.to_json
)

Python

import requests
base_url = 'https://${yourDataGrailDomain}/api/v1'
requests.post(
  '{}/privacy_requests'.format(base_url),
  headers={ 'Authorization': 'Bearer {}'.format(api_key) },
  json={
    'privacy_right': 'access',
    'custom': {
      "first_name": "Queen",
      "last_name": "Guinevere",
      "phone_numbers": ["555-555-1234", "555-555-5678"],
      "country": "Britain",
      "app_id": "holy_grail_app",
      "user_id": "123abc",
      "notes": "Apple Account Deletion", 
      "origin": "iOS"},
    }
    'identifiers': {
      'emails': ['guinevere@camelotknights.com']
    },
  }
)

The above command returns JSON structured like this:

{
  "id": "80edbafc-4ec6-45a0-b341-73080457890e",
  "status": "open",
  "privacy_right": "deletion",
  "dynamic_policy": [
    "CCPA"
  ],
  "identifiers": {
    "emails": [
      "guinevere@camelotknights.com"
    ]
  },
  "custom": {
    "first_name": "Queen",
    "last_name": "Guinevere",
    "phone_numbers": ["555-555-1234", "555-555-5678"],
    "country": "Britain",
    "app_id": "holy_grail_app",
    "user_id": "123abc",
    "notes": "Apple Account Deletion",
    "origin": "iOS"
  }
}

Get a Privacy Request

Returns information related to a submitted privacy request.

Endpoint

GET /privacy_requests/${id}

Parameters

Parameter	Required	Description
id	true	The ID of the privacy request. The ID is the 36 character string that is returned in the id field after creating a privacy request.

Shell

curl "https://${yourDataGrailDomain}/api/v1/privacy_requests/80edbafc-4ec6-45a0-b341-73080457890e" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <api_key>"

Ruby

require 'HTTParty'
base_url = 'https://${yourDataGrailDomain}/api/v1'
id = '80edbafc-4ec6-45a0-b341-73080457890e'
HTTParty.get(
  "#{base_url}/privacy_requests/#{id}",
  headers: { 'Authorization' => "Bearer #{api_key}" }
)

Python

import requests
base_url = 'https://${yourDataGrailDomain}/api/v1'
id = '80edbafc-4ec6-45a0-b341-73080457890e'
requests.get(
  '{0}/privacy_requests/{1}'.format(base_url, id),
  headers={ 'Authorization': 'Bearer {}'.format(api_key) }
)

The above command returns JSON structured like this:

{
  "id": "80edbafc-4ec6-45a0-b341-73080457890e",
  "status": "open",
  "privacy_right": "deletion",
  "identifiers": {
    "emails": [
      "guinevere@camelotknights.com"
    ]
  },
  "custom": {
    "first_name": "Queen",
    "last_name": "Guinevere",
    "phone_numbers": ["555-555-1234", "555-555-5678"],
    "country": "Britain",
    "app_id": "holy_grail_app",
    "user_id": "123abc",
    "notes": "Apple Account Deletion",
    "origin": "iOS"
  }
}

Error Codes

The DataGrail API uses the following error codes:

Code	Description
400	Bad Request -- The request is invalid.
401	Unauthorized -- Your API key is incorrect or invalid.
404	Not Found -- The privacy request or route could not be found. Confirm the route or request id are correct.
422	Unprocessable Entity - The request body cannot be processed. Ensure that you're passing the correct parameters.
500	Internal Server Error -- An internal and unexpected error condition occurred.

 

Contact Us

To learn more about Platform API and availability within your current package, please reach out to your dedicated CSM or support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.