Transcend sends a notification that kicks of a manual workflow. The webhook will include a link to the set of requests in this batch. This is the webhook that is set under the "Email Automation" tab for an AVC data silo.
We recommend listening on a path such as /webhooks/transcend/manual-privacy-request-job
.
POST
to the webhook URL you specify in your integration settings
Request Authorization
Verify the Sombra token, which is a JWT asymmetrically signed with the ES384 algorithm, and can be found on the request header x-sombra-token
. Read this guide for information on how to get Transcend's public key and verify the signature.
Header Parameters
x-sombra-token string A token used for webhook authentication, containing a JSON Web Token (JWT) asymetrically signed with the ES384 algorithm. |
x-transcend-nonce string A token sent in Transcend's webhook for this job, and returned by you when uploading the result of this job back to Transcend. |
Request Body
application/json
type string min-length:1 (required) enum:"ACCESS" | "ERASURE" | "RECTIFICATION" | "RESTRICTION" | "BUSINESS_PURPOSE" | "PLACE_ON_LEGAL_HOLD" | "REMOVE_FROM_LEGAL_HOLD" | "AUTOMATED_DECISION_MAKING_OPT_OUT" | "USE_OF_SENSITIVE_INFORMATION_OPT_OUT" | "CONTACT_OPT_OUT" | "SALE_OPT_OUT" | "TRACKING_OPT_OUT" | "CUSTOM_OPT_OUT" | "AUTOMATED_DECISION_MAKING_OPT_IN" | "USE_OF_SENSITIVE_INFORMATION_OPT_IN" | "SALE_OPT_IN" | "TRACKING_OPT_IN" | "CONTACT_OPT_IN" | "CUSTOM_OPT_IN" The type of DSR received. Only the request types you enable in Transcend will be sent. If your system does not need to perform the operation, you can configure the workflow such that the webhook is never sent for a particular request type in the Manager Datapoints on the Integrations page. |
completionLink string min-length:1 (required) The unique URL for the set of DSRs in this batch. |
template object (required) The email template that is tied to the manual notification describing the actions that need to be taken. |
extras object (required) |
Request Body Examples
Receive an access request:
{ "type": "ACCESS", "completionLink": "https://app.transcend.io/bulk-requests?communicationId=c628ca01-79ca-445d-b810-b0b9815e85b8&dataSiloId=79e67d5f-558b-4ba7-bd36-b8f30de867f7&requestType=ACCESS", "template": { "id": "819a14fe-a2ec-4789-b269-a1116cb27c5d", "title": "Automated Vendor Coordination", "template": "<p>Prompt a Person - created at 2022-07-31 06:51:13 team,</p>\n<p>Please be advised that we have received a request for Access on behalf of one or more data subject(s) pursuant to the data privacy regulations in their respective territory.</p>\n<p>The data subject(s) made this request with the following identifier(s) attached. </p>\n<p>Please confirm receipt of this email and that you will take the relevant action in your systems to fulfill this request within 7 days by responding here and/or confirming at the following link: https://yo.com:3000/bulk-requests?communicationId=cc15703c-5dfb-45a8-9742-495427c66dae&dataSiloId=79e67d5f-558b-4ba7-bd36-b8f30de867f7</p>\n<p>Thank you,</p>\n<p>Transcend Team </p>\n", "subject": "Transcend Request(s) for Access of Data Subject(s) Pursuant to Data Privacy Laws" }, "extras": { "requests": [ { "id": "b020c531-5328-4135-b0b4-e85d099da942", "createdAt": "2023-03-12T10:10:48.040Z", "dataSubject": { "id": "c7619a33-26b5-4850-8226-125b6afeed2b", "type": "customer", "title": "Customer" } }, { "id": "8152a359-7631-4fe4-8215-709e4e17464c", "createdAt": "2023-03-11T10:10:48.040Z", "dataSubject": { "id": "f8948521-7d34-42a5-bf76-5e1f9a872ce1", "type": "employee", "title": "Employee" } } ], "organization": { "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "uri": "e-shop-it", "name": "eShopIt" }, "dataSilo": { "id": "12dd1fd8-b310-4712-ba6b-0e2e29ecd2ac", "title": "My Custom integration", "description": "Our production application backend. Calls a function that exports or deletes a user from our service.", "link": "https://app.transcend.io/infrastructure/connected-services/configuration/12dd1fd8-b310-4712-ba6b-0e2e29ecd2ac" } } }
Receive an erasure request:
{ "type": "ERASURE", "completionLink": "https://app.transcend.io/bulk-requests?communicationId=dd6c1f2e-d5ed-4d5c-804b-0259a37b7e9c&dataSiloId=79e67d5f-558b-4ba7-bd36-b8f30de867f7&requestType=ERASURE", "template": { "id": "819a14fe-a2ec-4789-b269-a1116cb27c5d", "title": "Automated Vendor Coordination", "template": "<p>Prompt a Person - created at 2022-07-31 06:51:13 team,</p>\n<p>Please be advised that we have received a request for Erasure on behalf of one or more data subject(s) pursuant to the data privacy regulations in their respective territory.</p>\n<p>The data subject(s) made this request with the following identifier(s) attached. </p>\n<p>Please confirm receipt of this email and that you will take the relevant action in your systems to fulfill this request within 7 days by responding here and/or confirming at the following link: https://yo.com:3000/bulk-requests?communicationId=dd6c1f2e-d5ed-4d5c-804b-0259a37b7e9c&dataSiloId=79e67d5f-558b-4ba7-bd36-b8f30de867f7</p>\n<p>Thank you,</p>\n<p>Transcend Team </p>\n", "subject": "Transcend Request(s) for Erasure of Data Subject(s) Pursuant to Data Privacy Laws" }, "extras": { "requests": [ { "id": "b020c531-5328-4135-b0b4-e85d099da942", "createdAt": "2023-03-12T10:10:48.040Z", "dataSubject": { "id": "c7619a33-26b5-4850-8226-125b6afeed2b", "type": "customer", "title": "Customer" } }, { "id": "8152a359-7631-4fe4-8215-709e4e17464c", "createdAt": "2023-03-11T10:10:48.040Z", "dataSubject": { "id": "f8948521-7d34-42a5-bf76-5e1f9a872ce1", "type": "employee", "title": "Employee" } } ], "organization": { "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "uri": "e-shop-it", "name": "eShopIt" }, "dataSilo": { "id": "12dd1fd8-b310-4712-ba6b-0e2e29ecd2ac", "title": "My Custom integration", "description": "Our production application backend. Calls a function that exports or deletes a user from our service.", "link": "https://app.transcend.io/infrastructure/connected-services/configuration/12dd1fd8-b310-4712-ba6b-0e2e29ecd2ac" } } }
Response
200 (OK)
application/json
The webhook was received successfully. No response body is required. Typically, your job will run async, so the output of your job can be reported through a separate API request from your system to Transcend. In this case, Transcend will expect a follow up API request at some point in the future. If no job is received after some time, the webhook will be retried. The retry rate is variable but normally within 24 hours. You can optionally include a `status` in the response body, which transitions the request to that state. Note: if you want to specify an email template, you will have to follow up using one of the asynchronous routes.
Response Body
status string min-length:1 enum:"CANCELED" | "ON_HOLD" If your preflight check can respond immediately, you can respond directly to this webhook to either cancel the request entirely or place the request on hold and pause further processing. If your preflight check is async, then omit this field, and instead follow up asynchronously through a separate API request. |
204 (No Content)
application/json
The job was received and no work needs to be done. Transcend should not expect a follow up response in the future. The job will be marked as SKIPPED and the webhook will not be retried.
400 (Bad Request)
application/json
Any 4xx error code indicates that your system failed receive our webhook. Transcend will retry the webhook up to 5 times, once per hour. After 5 attempts, you will have to go into the Admin Dashboard to manually restart the request.