GDPR requests

WebEngage provides APIs which enable you to comply with GDPR requests of your users. Using these APIs, you can perform the following actions:

  1. Request to export user data, erase user data, restrict data processing or to re-enable processing of user data.
  2. Retrieve the status of a particular GDPR request.
  3. Cancel a particular GDPR request in case it is in Pending state.

POST: /opengdpr_requests

METHOD
POST

DESCRIPTION
Export user data, erase user data, restrict data processing or re-enable processing of user data.

URL STRUCTURE

https://api.webengage.com/v1/accounts/<YOUR_WEBENGAGE_LICENSE_CODE>/opengdpr_requests

AUTHENTICATION
User Authentication

EXAMPLE

curl -X POST https://api.webengage.com/v1/accounts/<YOUR_WEBENGAGE_LICENSE_CODE>/opengdpr_requests \
    --header 'Authorization: Bearer <YOUR_API_KEY>' \
    --header 'Content-Type: application/json' \
    --data '{
		"subject_request_id":"a7551968-d5d6-44b2-9831-815ac90177879",
		"subject_request_type":"erasure",
		"subject_identities":[{
				"identity_type":"cuid",
				"identity_value":"1519021150"}]
}'

Make sure you replace YOUR_WEBENGAGE_LICENSE_CODE with your WebEngage license code and YOUR_API_KEY with your WebEngage API key.

PARAMETERS

{
	"subject_request_id":"a7551968-d5d6-44b2-9831-815ac90177879",
	"subject_request_type":"erasure",
	"subject_identities":[{
		"identity_type":"cuid",
		"identity_value":"1519021150"}]
}
Parameter
Type
Description
Is mandatory

subject_request_id

String

This should be a unique ID for each request.

Yes

subject_request_type

String

This can be one of the following values:
erasure: If requesting to delete the user profile.
restriction: If requesting to restrict the processing of the user profile.
re-enable: If requesting to re-enable the processing of the user profile.
portability: If requesting to export the user profile.

Yes

subject_identities

Array

Request for only one user can be placed per API call. This array accepts only one value: User ID of known users which can be found on the user profile page.

Yes

Erasure action CANNOT be undone. It will PERMANENTLY remove users which may cause discrepancies in your data.

Important: If you delete a user by mistake, you can cancel the request within 7 days (the request remains in Pending state for these 7 days). After 7 days this data will be permanently destroyed.

RETURNS
201 Created

{
	"subject_request_id":"a7551968-d5d6-44b2-9831-815ac90177879",
	"subject_request_type":"erasure",
	"message": "erasure request registered"
}

In case the subject_request_type is portability, the user's profile is embedded in the response body.

ERRORS
400 Bad request: If the JSON body is of incorrect format, the subject_request_id is not unique or if the identity_value in the request is not a known user's ID.
500 Server error: Unforeseen service issues

GET: /opengdpr_requests/{requestId}

METHOD
GET

DESCRIPTION
Retrieve the status of a particular GDPR request.

URL STRUCTURE

https://api.webengage.com/v1/accounts/<YOUR_WEBENGAGE_LICENSE_CODE>/opengdpr_requests/{requestId}

AUTHENTICATION
User Authentication

EXAMPLE

curl -X POST https://api.webengage.com/v1/accounts/<YOUR_WEBENGAGE_LICENSE_CODE>/opengdpr_requests/{requestId} \
    --header 'Authorization: Bearer <YOUR_API_KEY>' \
    --header 'Content-Type: application/json'

Make sure you replace YOUR_WEBENGAGE_LICENSE_CODE with your WebEngage license code and YOUR_API_KEY with your WebEngage API key.

RETURNS
200 OK

{
	"subject_request_id":"a7551968-d5d6-44b2-9831-815ac90177879",
	"subject_request_type":"erasure",
	"status": "PENDING"
}

status can be one of PENDING, PROCESSING, DONE or CANCELLED.

ERRORS
404 Not Found: GDPR request not found
500 Server error: Unforeseen service issues

DELETE: /opengdpr_requests/{requestId}

METHOD
DELETE

DESCRIPTION
Cancel a particular GDPR request. Request can only be cancelled if it is in the Pending state.

URL STRUCTURE

https://api.webengage.com/v1/accounts/<YOUR_WEBENGAGE_LICENSE_CODE>/opengdpr_requests/{requestId}

AUTHENTICATION
User Authentication

EXAMPLE

curl -X POST https://api.webengage.com/v1/accounts/<YOUR_WEBENGAGE_LICENSE_CODE>/opengdpr_requests/{requestId} \
    --header 'Authorization: Bearer <YOUR_API_KEY>' \
    --header 'Content-Type: application/json'

Make sure you replace YOUR_WEBENGAGE_LICENSE_CODE with your WebEngage license code and YOUR_API_KEY with your WebEngage API key.

RETURNS
200 OK

{
	"subject_request_id":"a7551968-d5d6-44b2-9831-815ac90177879",
	"subject_request_type":"erasure",
	"message": "request cancelled"
}

If the request is already completed, the response body will convey that with appropriate message.

ERRORS
400 Bad request: If the request status is not Pending
404 Not Found: GDPR request not found
500 Server error: Unforeseen service issues

GDPR requests