Using the API for Privacy Requests
These endpoints enable Transcend customers to complete an end-to-end data subject (DSR) request (such as ACCESS or ERASURE) on behalf of their users.
These endpoints can be used in combination with or in lieu of Configuring the Privacy Center.
This flow can be achieved end-to-end via four endpoints:
All of the examples below demonstrate how to access Transcend with our default encryption configuration: multi-tenant Sombra.
In order to use these endpoints with a self-hosted Sombra instance, add the x-sombra-authorization
header to requests and change the base URL from https://multi-tenant.sombra.transcend.io
to your gateway's URL.
To initiate a data subject request use this endpoint.
When isSilent
is set to true
, the subject -> email
field can be omitted. When this field is set to false, an email address is required in order to send the data subject updates about their DSR. |
Value | Description |
---|---|
ARCHIVED | All data has been archived and only necessary records are kept around |
APPROVING | The request is compiled and awaiting review before send |
CANCELED | The request was canceled and the data subject was notified |
COMPILING | The request begins compiling across the organization's integrations, specific to the actions requested |
COMPLETED | The request has been approved and sent to the data subject with no secondary action |
DELAYED | The primary action (i.e. ACCESS) has been sent to the data subject and the request is delayed until the secondary action (i.e. ERASURE) is executed |
DOWNLOADABLE | The request is in a state where the data subject report zip can be downloaded |
ENRICHING | The request identifiers have been verified and they are enriched to create other identifiers |
FAILED_VERIFICATION | The data subject failed to verify at least one of the identifiers provided |
ON_HOLD | The request is temporarily placed on hold |
REQUEST_MADE | A data subject has submitted a DSR |
REVOKED | The request was revoked because it was a duplicate (another open request covers it) |
SECONDARY | The secondary request action begins compiling across the organization's integrations (i.e. ERASURE) |
Once a DSR has been submitted, it will take some time to complete. The status of the DSR can be accessed via the following endpoint.
Requests with a status
of APPROVING
, DOWNLOADABLE
, or COMPLETED
have finished compiling data across your integrations and have files available for download and review, if there are any. Requests can be marked as completed once in the COMPLETED
state, or for requests that require a secondary action (e.g. erasure requests), once in the SECONDARY_COMPLETED
state.
Once the status of the original DSR indicates there are files available to download, it is possible to get a list of these files for download.
Endpoint: Get the files to download
GET
/v1/data-subject-request/{id}/download-keys
With the downloadKey
in hand, it is possible to download the files generated by the DSR.