Submit multiple data subject requests in a single call. Each item targets a workflow configuration; request type and data subject class are derived from that config rather than specified in the request body.
The response returns the full created-request shape for each item in requests, including resolved partition and workflowConfig fields.
NOTE: This feature requires that you have migrated to workflows. See the Workflows quickstart guide.
POST
/v1/data-subject-request-bulkIn your request headers, pass authorization: Bearer <<token>>.
If you're self-hosting Sombra, also add the request header x-sombra-authorization: Bearer <<sombraInternalKey>>. You can read more about request authorization here.
Requires scope:
Submit New Data Subject Request
authorizationstringAn API key generated from the Transcend dashboard: https://app.transcend.io/infrastructure/api-keys. |
x-sombra-authorizationstringThe Sombra internal key. This header is only needed for self-hosted Sombra gateways. See https://docs.transcend.io/docs/dsr-automation/api-integration/authentication#authenticating-to-sombra |
content-typestringSpecify content-type: application/json for a JSON response from the Transcend API. |
application/json
inputarray<object>(required)One or more DSRs to submit. |
Request Body Examples
Submit new Access DSR:
{
"input": [
{
"workflowConfigId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"attestedAuthContext": {
"coreIdentifier": "id-123456789",
"email": "user@example.com"
}
}
]
}Submit new Access DSR with partition:
{
"input": [
{
"workflowConfigId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"attestedAuthContext": {
"coreIdentifier": "id-123456789",
"email": "user@example.com"
},
"partitionKey": "eu-west-1"
}
]
}Restart existing DSR with identifier strategy:
{
"input": [
{
"workflowConfigId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"requestId": "e096a801-75bd-4296-ae6a-7c2553510500",
"restartIdentifierStrategy": "PRESERVE_ALL_VERIFICATIONS",
"attestedAuthContext": {
"coreIdentifier": "id-123456789",
"email": "user@example.com"
}
}
]
}Submit multiple DSRs:
{
"input": [
{
"workflowConfigId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"attestedAuthContext": {
"coreIdentifier": "id-123456789",
"email": "user@example.com"
},
"partitionKey": "eu-west-1"
},
{
"workflowConfigId": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"attestedAuthContext": {
"coreIdentifier": "id-987654321",
"email": "other@example.com"
}
}
]
}Submit new Erasure DSR with extra identifiers:
{
"input": [
{
"workflowConfigId": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"attestedAuthContext": {
"coreIdentifier": "id-123456789",
"email": "user@example.com",
"emailIsVerified": true,
"attestedExtraIdentifiers": {
"email": [
{
"value": "another-email@example.com"
}
],
"custom": [
{
"value": "mbrook",
"name": "username"
}
]
}
}
}
]
}200 (OK)
application/jsonThe requests were successfully submitted to Transcend to be processed. Each element of `requests` includes the resolved `partition` and `workflowConfig` for that item, along with `type` and `subjectType` derived from the workflow config.
Response Body
requestsarray<object>(required) |
Response Body Examples
Sample response body:
{
"requests": [
{
"id": "da13d328-3f9d-40d5-9312-9f4fcf3ad0d2",
"status": "COMPILING",
"type": "ACCESS",
"subjectType": "customer",
"email": null,
"coreIdentifier": "id-123456789",
"isSilent": false,
"isTest": false,
"replyToEmailAddresses": [],
"country": null,
"countrySubDivision": null,
"partition": null,
"attributeValues": [],
"workflowConfig": {
"id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"internalName": "GDPR Access Request",
"workflowConfigType": "DSR",
"workflowConfigVisibility": "PUBLISHED"
},
"link": "https://app.transcend.io/privacy-requests/incoming-requests/da13d328-3f9d-40d5-9312-9f4fcf3ad0d2"
}
]
}Sample response body with partition:
{
"requests": [
{
"id": "da13d328-3f9d-40d5-9312-9f4fcf3ad0d2",
"status": "COMPILING",
"type": "ACCESS",
"subjectType": "customer",
"email": null,
"coreIdentifier": "id-123456789",
"isSilent": false,
"isTest": false,
"replyToEmailAddresses": [],
"country": null,
"countrySubDivision": null,
"partition": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"name": "Production EU",
"partition": "eu-west-1"
},
"attributeValues": [],
"workflowConfig": {
"id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"internalName": "GDPR Access Request",
"workflowConfigType": "DSR",
"workflowConfigVisibility": "PUBLISHED"
},
"link": "https://app.transcend.io/privacy-requests/incoming-requests/da13d328-3f9d-40d5-9312-9f4fcf3ad0d2"
}
]
}Multiple requests with mixed partitions:
{
"requests": [
{
"id": "da13d328-3f9d-40d5-9312-9f4fcf3ad0d2",
"status": "COMPILING",
"type": "ACCESS",
"subjectType": "customer",
"email": null,
"coreIdentifier": "id-123456789",
"isSilent": false,
"isTest": false,
"replyToEmailAddresses": [],
"country": null,
"countrySubDivision": null,
"partition": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"name": "Production EU",
"partition": "eu-west-1"
},
"attributeValues": [],
"workflowConfig": {
"id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"internalName": "GDPR Access Request",
"workflowConfigType": "DSR",
"workflowConfigVisibility": "PUBLISHED"
},
"link": "https://app.transcend.io/privacy-requests/incoming-requests/da13d328-3f9d-40d5-9312-9f4fcf3ad0d2"
},
{
"id": "e096a801-75bd-4296-ae6a-7c2553510500",
"status": "COMPILING",
"type": "ERASURE",
"subjectType": "customer",
"email": null,
"coreIdentifier": "id-987654321",
"isSilent": false,
"isTest": false,
"replyToEmailAddresses": [],
"country": null,
"countrySubDivision": null,
"partition": null,
"attributeValues": [],
"workflowConfig": {
"id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"internalName": "GDPR Erasure Request",
"workflowConfigType": "DSR",
"workflowConfigVisibility": "PUBLISHED"
},
"link": "https://app.transcend.io/privacy-requests/incoming-requests/e096a801-75bd-4296-ae6a-7c2553510500"
}
]
}400 (Bad Request)
application/jsonWhile this request passed authentication, the input is malformed. Please double-check that your code conforms to our API specification.
401 (Unauthorized)
application/jsonThere was a problem authenticating your request. This may be an issue with the Transcend API key ("authorization" header), or the Sombra API key ("x-sombra-authorization" header used for self-hosted gateways only).
413 (Request Entity Too Large)
application/jsonThe request body is too large. JSON and raw bodies must be less than 50MB. URL encoded bodies must be less than 30MB.
429 (Too Many Requests)
The request was throttled due to exceeding our rate limit. By default, all customers are limited to 100,000 requests per day, after which customers are allowed 60 requests per minute. You can increase this limit by contacting Transcend support.
Response Headers
Retry-Afterinteger |
X-RateLimit-Limitinteger |
X-RateLimit-Remaininginteger |
X-RateLimit-Resetinteger |
500 (Internal Server Error)
application/jsonA 5xx error means there is either an issue with your self-hosted gateway, or a Transcend server is having issues. You check our system status at status.transcend.io. Please reach out to Transcend support if you're experiencing this error.
502 (Bad Gateway)
application/jsonAn upstream service on Transcend's side is having issues. You check our system status at status.transcend.io. Please reach out to Transcend support if you're experiencing this error.