Transcend

The Transcend Guide to Privacy

Welcome to the Transcend Docs. You'll find comprehensive guides and documentation to help you start working with Transcend as quickly as possible, as well as support if you get stuck. Let's jump right in!

Guides    API Reference

Connect a Server: HTTP API

Connect your own server and database to Transcend.

Connect data from any server to Transcend via our HTTP API. You can set up a webhook that will notify your server of a new Data Subject Request (DSR).

You'll need to write code that involves HTTP requests and database lookups.

TODO split into api ref

Getting Started

  1. Go to your Data Map and click Add Data Silo
  2. Select Server
  3. Give your server a title (e.g. "User Accounts")
  4. Click Connect
  5. Get your API key and store it securely (or add the data silo to an existing API key)

Fulfill an access request (DSAR)

When a DSAR is received, Transcend automatically compiles data across your data silos. For data you control in your databases, we send your server a webhook notification, and your server then POSTs data to our API.

When a DSAR is received Transcend will send your server some identifying info (e.g. email) about the requestor via webhooks. After receiving and verifying the webhook, Your server should look up any matching records, or "profiles", and send them to Transcend.

POST https://api.transcend.io/v0/upload

request_id

String

This is the data subject request ID, which is retrieved from the webhook

data_silo_id

String

This is the ID of the data silo that you are responding to.

profiles

Array

A list of JSON objects with keys profile_id and profile_data. Your server may find one profile for the data subject, several profiles for the data subject, or none at all. Therefore, profiles is an array that can be of any length.

profiles[i].profile_id

String

A unique identifier for this profile

profiles[i].profile_data

Object

An arbitrary JSON object with the data payload. The keys of the JSON should match the datapoint keys you defined for this data silo.

status

String

The status to set this data silo to. One of pending or ready. If you are uploading with multiple requests, you should set this to pending. Defaults to ready.

const request = require('request');

request.post('https://api.transcend.io/v0/upload', {
  headers: {
    Authorization: ''
  },
  body: {
    request_id: '5e34c589-761c-22b8-85fb-7d1504cf7b8c', // Retrieved from the webhook,
    data_silo_id: '7d48e4c3-8578-4296-ba36-36297d3b2869', // Found on data silo page or from webhook
    profiles: [{
      profile_id: 'ben.farrell',
      profile_data: {
        name: 'Ben Farrell',
        score: 3.8,
        interests: 'Privacy Tech',
      }
    }]
  },
  json: true
});
import json
import urllib2

data = {
    'request_id': '5e34c589-761c-22b8-85fb-7d1504cf7b8c',
    'profiles': [{
      'profile_id': 'ben.farrell',
      'profile_data': {
				'name': 'Ben Farrell',
        'score': 3.8,
        'interests': 'Privacy Tech'
      }
    }]
}

req = urllib2.Request('https://api.transcend.io/v0/upload')
req.add_header('Content-Type', 'application/json')
req.add_header('Authorization', '')

response = urllib2.urlopen(req, json.dumps(data))
curl -X POST "https://api.transcend.io/v0/upload" \
  -H "Authorization: " \
  -H "Content-Type: application/json" \
  -d "{
    request_id: '5e34c589-761c-22b8-85fb-7d1504cf7b8c',
    profiles: [{
      profile_id: 'ben.farrell',
      profile_data: {
				name: 'Ben Farrell',
        score: 3.8,
        interests: 'Privacy Tech'
      }
    }]
  }"

Be sure to authenticate your request

Include your data silo's API key. This is separate from your organization's API key. Read more about authenticating with the Transcend API.

Fulfill an Erasure Request (DSER)

When a DSER is received, Transcend sends your server a webhook notification, and your server then deletes data from your own databases. When your server is done, it should notify Transcend about which profiles were erased.

POST https://api.transcend.io/v0/erasure-response
Parameter
Type
Description

request_id

String

This is the data subject request ID, which is retrieved from the webhook.

data_silo_id

String

This is the ID of the data silo that you are responding to.

profiles

Array

A list of JSON objects with key profile_id

profiles[i].profile_id

String

A unique identifier for this profile

const request = require('request');

request.post('https://api.transcend.io/v0/erasure-response', {
  headers: {
    Authorization: ''
  },
  body: {
    request_id: '5e34c589-761c-22b8-85fb-7d1504cf7b8c', // Retrieved from the webhook,
    data_silo_id: '7d48e4c3-8578-4296-ba36-36297d3b2869', // Found on data silo page or from webhook
    profiles: [{ // Profiles without the data
      profile_id: 'ben.farrell',
    }]
  },
  json: true
});
import json
import urllib2

data = {
    'request_id': '5e34c589-761c-22b8-85fb-7d1504cf7b8c',
    'data_silo_id': '7d48e4c3-8578-4296-ba36-36297d3b2869',
    'profiles': [{
      'profile_id': 'ben.farrell',
    }]
}

req = urllib2.Request('https://api.transcend.io/v0/erasure-response')
req.add_header('Content-Type', 'application/json')
req.add_header('Authorization', '')

response = urllib2.urlopen(req, json.dumps(data))
curl -X POST "https://api.transcend.io/v0/erasure-response" \
  -H "Authorization: " \
  -H "Content-Type: application/json" \
  -d "{
    request_id: '5e34c589-761c-22b8-85fb-7d1504cf7b8c',
    data_silo_id: '7d48e4c3-8578-4296-ba36-36297d3b2869',
    profiles: [{
      profile_id: 'ben.farrell',
    }],
  }"

Webhooks

In order for your server to know there's a new data subject request, it should be notified by receiving a webhook. You can set up as many webhooks as you like by adding additional Server data silos. This is especially useful when you have many microservices.

Receiving a webhook

Receive a webhook by creating an HTTP endpoint that receives a POST request. Then, set up the webhook by going to Data Map, selecting your Server data silo, clicking Connection Settings, and entering your endpoint URL.

The webhook will be a POST request with some data in the body:

{
  "type": "access",
  "identifiers": {
    "first_name": "Ben",
    "last_name": "Farrell",
    "email": "benfarrell@gmail.com"
  },
  "request_id": "5e34c589-761c-22b8-85fb-7d1504cf7b8c",
  "data_silo_id": "7d48e4c3-8578-4296-ba36-36297d3b2869",
  "status": "compiling",
  "is_test": false,
  "organization_id": ""
}
Attribute
Type
Description

type

String

The type of DSR. One of access, erasure, portability, rectification, objection, or restriction

identifiers

Object

An object containing the form inputs on the DSR form on your Privacy Center. Often it includes an email address and name, but can include any custom inputs you specify for your DSR form.

request_id

String

The ID of the incoming DSR

data_silo_id

String

The ID of the data silo being notified.

status

Boolean

The current stage of the request

is_test

Boolean

Whether this is a test request or not (if not, it's a real DSR coming from the Privacy Center)

organization_id

String

The unique ID for your organization

Security Tip: always verify the webhook's JWT

Make sure the webhook notification came from Transcend by verifying that the x-transcend-token header is signed by Transcend, and matches the body. If it doesn't match, you should ignore the request. [Aut Read more.


Connect a Server: HTTP API


Connect your own server and database to Transcend.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.