# User Rights

The User Rights correspond to the rights automatically granted to data subjects who live in a state or country that has passed a data privacy law. End-users must typically take some action, such as submitting a Privacy Request, to exercise their data rights.

The `/dsar/user-rights` endpoint of the API exposes the `user-rights` managed by Didomi for your organization. For a full reference of the endpoint and the resources that it returns, visit<https://api.didomi.io/docs/>.

The `/dsar/user-rights` endpoint grants read access only as these User Rights are handled by Didomi and created with Regulations accordingly. Currently, Didomi API supports only 3 rights (More to be supported soon).

| Right                     | Regulation | Expiration time | ID                    |
| ------------------------- | ---------- | --------------- | --------------------- |
| Right of access           | CPRA       | 45 days         | `cpra_access_my_data` |
| Right of deletion         | CPRA       | 45 days         | `cpra_delete_my_data` |
| Right to opt-out of sales | CPRA       | 15 days         | `cpra_opt_out`        |

## List all User Rights

In order to create a Request, you need to specify the User Right the end-user is expressing. To do so, you need to fetch the User Rights and use the ID of the one formulated by the end-user.

To fetch all User Rights, you can send a GET request on `https://api.didomi.io/dsar/user-rights`.

```json
[
      {
          "id": "ccpa_access_my_data",
          "created_at": "Date",
          "updated_at": "Date",
          "label": {
              "en": "I want to access my data"
          },
          "title": {
              "en": "Request to access my data"
          },
          "description": {
              "en": "You can request to access a copy of your personal information that we have in our database."
          },
          "name": "Right of access",
          "regulation_id": "ccpa",
          "expiration_time": 45
      },
      {
          "id": "ccpa_delete_my_data",
          "created_at": "Date",
          "updated_at": "Date",
          "label": {
              "en": "I want to delete my data"
          },
          "title": {
              "en": "Request to delete my data"
          },
          "description": {
              "en": "You can request the deletion of all of your personal information we have in our database. Please note that by fulfilling such a request we will permanently delete your account and you will have no access to our services anymore."
          },
          "name": "Right of deletion",
          "regulation_id": "ccpa",
          "expiration_time": 45
      },
      {
          "id": "ccpa_opt_out",
          "created_at": "Date",
          "updated_at": "Date",
          "label": {
              "en": "I want to opt-out"
          },
          "title": {
              "en": "Request to opt-out"
          },
          "description": {
              "en": "You can request that third parties stop selling your personal data."
          },
          "name": "Right to opt-out of sales",
          "regulation_id": "ccpa",
          "expiration_time": 15
      }
]
```