Didomi - Developers documentation
  • Introduction
  • SDKs
    • Introduction
    • Web SDK
      • Getting started
      • Tags and vendors management
        • Tags management
          • Events & Variables
            • Deprecated
            • Custom events
          • Tag managers
            • Adobe Launch/DTM
            • Eulerian
            • Google Tag Manager
              • Configure the Didomi / GTM integration
              • Didomi's GTM template
            • Tealium
            • Other tag managers
        • Custom Didomi <script> tags
        • Third-party integrations
          • Google Ad Manager / AdSense
            • GDPR via Non-Personalized Ads
              • Share consent and load/refresh ads
              • Share consent without loading or refreshing ads
            • US states laws
          • Google Consent Mode V2
          • Kameleoon
          • Piano Analytics (AT Internet)
          • Prebid
            • GDPR via IAB TCF
            • US states laws
          • Salesforce DMP (Krux)
        • IAB frameworks
        • Programmatic API
      • Configuration
        • Bots (SEO & Performance tools)
        • Configuration by URL
        • Cookies and storage
        • Custom domains for events
        • Notice
          • Behavior
          • Interactions
          • Look and feel
        • Preferences
        • Theme
      • AB tests
      • Custom domain
        • Domain delegation
        • Reverse proxy
      • Share consents between domains
      • Share consents across devices
      • Pass user choices in query string
      • Serve Didomi assets from your domain
      • Reference
        • API
          • Deprecated
        • Events
      • Performance
      • Versions
    • Mobile and TV SDKs
      • Android and Android TV
        • Setup
        • Logging
        • Reference
          • API
            • Deprecated
          • Events
        • Versions
      • iOS and tvOS
        • Setup
        • Logging
        • App Tracking Transparency (iOS 14.5+)
        • Reference
          • API
            • Deprecated
          • Events
        • Versions
      • Unity
        • Setup
        • Reference
        • Versions
        • Troubleshooting
      • React Native
        • Setup
        • Reference
          • Deprecated
        • Versions
      • Flutter
        • Setup
        • Reference
        • Versions
      • Consent notice
        • Getting started
        • Customize the notice
        • Customize the preferences popup
        • Customize the theme & UI
        • Load notice by ID
      • Third-party SDKs
      • Share consents across devices
      • Share consent with WebViews
      • Google Consent Mode v2
      • FAQ
    • AMP SDK
      • Blocking Behaviors
        • Load immediately on page load
        • Load only after consent (positive or negative)
        • Load only after positive consent
      • Consent status for vendors
    • Help & Support
  • API
    • Introduction
      • Authentication
      • Errors
      • Pagination
      • Filters
      • Caching
      • Rate limiting
      • Quotas
      • Translations
    • Data Manager
      • Regulations
      • Configuration Tree
      • Purposes
        • Purposes & Vendors Numerical IDs
      • Preferences Library
      • User Rights
    • Widgets
      • Consent notices
        • Notices
        • Configurations
        • Multi-Regulation Configurations
          • Migration of Existing Notices and API Updates
        • Deployments
        • Tutorials
          • Create and publish a consent notice
          • Create and publish a multi-regulation consent notice
      • Privacy widgets
        • Create a widget
        • Retrieve widgets
        • Edit a widget
          • Content & Design
            • Themes & Shapes
            • Components
              • auth
              • dsar_form
              • footer
              • header
              • preference
              • preference_value
              • save
              • section
              • sections
            • Options
          • Purposes & preferences
          • Settings
        • Deploy a Widget
          • Use your own subdomain
          • Use your own domain
          • Implement an embeddable widget on your website
        • Authentication
          • Manage authentication providers
          • Authenticate your end-user
        • Archive a widget
        • Headless widgets
          • Public Methods
          • Custom elements
          • Custom events
          • Event listeners
        • Tutorial
          • Launch a Preference Center from a mobile app
    • Compliance Reports
      • Properties
      • Reports
      • CSV format reference
      • Websites
    • Consents and Preferences
      • Events
        • Generate IAB TCF consent string
      • Links
      • Proofs
      • Tokens
      • Secrets
      • Users
      • Tutorial
        • Collect and operate data
    • Privacy Requests
      • Requests
      • Notes
      • Links
      • Emails
  • Integrations
    • Introduction
      • Quotas
    • Generic integrations
      • Batch export
        • Destinations
          • AWS S3 Bucket (owned by Didomi)
          • GCP Storage Bucket
        • Exported data
          • Notices consents
        • Logs
      • Webhooks
      • Batch import
      • Analytics export
        • Destinations
          • AWS S3 Bucket (owned by Didomi)
          • GCP Storage Bucket
    • Third-party apps
      • CMP integrations
        • Didomi-mParticle integration for your CMP
        • Deploy Didomi’s SDK for your Adobe Commerce website
      • Preference Management Platform integrations
        • Actito
        • Adobe Campaign Classic
        • Adobe Experience Cloud
        • Adobe Marketo Engage
        • Adobe Source Connector
        • Braze
        • Dotdigital
        • Hubspot
        • Mailchimp
        • Microsoft Dynamics 365
        • Salesforce Marketing Cloud
        • Salesforce Sales & Service Cloud
        • Selligent
        • Brevo (ex Sendinblue)
    • Tutorials
      • Configure a HTTP webhook
      • Configure a batch export
      • Configure an analytics export
    • Emailing
      • Configurations
        • Actito Email
        • Actito SMS
        • Adobe Campaign Classic
        • Adobe Campaign Standard
      • Emails
        • Templates
        • Manage your templates
Powered by GitBook
On this page
  • Create a Request
  • Country
  • Create a Request with approval workflow
  • Update a Request
  • Query a list of Requests
  1. API
  2. Privacy Requests

Requests

PreviousPrivacy RequestsNextNotes

Last updated 1 year ago

A Requests refers to a Data Subject Request that is a important facet of privacy laws like GDRP in Europe or CPRA in California. Most of the privacy laws give certain data rights to consumers like right of access or deletion.

The /dsar/requests endpoint of the API exposes the requests managed by Didomi for your organization. For a full reference of the endpoint and the resources that it returns, visit .

Create a Request

When end-users want to express one of their rights, you can create a request to register the end-user application by calling the endpoint POST /dsar/requests.

POST https://api.didomi.io/dsar/requests?organization_id={{organization_id}}

{
    "organization_user_id": "organization_user_id",
    "user_right_id": "cpra_access_my_data",
    "status": "verified",
    "request_fields": [
        {
            "field_id": "email",
            /**
            * This value is required to send emails to the end-user
            */             
            "value": "email@address.com"
        }
    ],
    /**
    * Fill in the user property in order to set user's information at its creation. 
    * If no user exists with the organization_user_id provided,
    * Didomi will be creating this new user on your behalf 
    * with data provided in user property
    */     
    "user": {
        "email": "email@address.com",
        "metadata": {},
        "id": "String",
        "country": "String"
    },
    "source": {
        "type": "DSAR",
        "country": "String"
    }   
}
Entity
Type
Mandatory
Description

organization_user_id

String

Yes

ID of your end-user. An email is recommended so our system can send emails to your end-users each time you change the request status.

user_right_id

Enum

Yes

ID of the User Right activated by the end-user. Value should be of the following cpra_access_my_data, cpra_delete_my_data or cpra_opt_out.

status

Enum

Yes

Status of the Privacy Request. Status can be either unverified, verified, work_in_progress, fulfilled, archived, refused.

request_fields

Array

No

Group of additional fields that can be requested to the end-user to submit a Privacy Request. Includes email authentication field that needs to be filled in with end-user email address. This will allow our system to send them emails while you are proceeding with the request.

source.type

String

Yes

Type of widget from which the request has been created (for a privacy request, type will always be DSAR).

Country

When a privacy request is created from a Privacy request widget, our SDK will apply the end-user location to the created request. You can reproduce the same workflow when using Didomi API by setting the country property either in user or source entity.

Property
Type
Mandatory
Description

user.country

String

No

It corresponds to the user country. If the user does not exist yet in Didomi DB, we will create it and apply the value of user.country to the country property in Users ressource.

source.country

String

No

It corresponds to the country from where the request has been formulated. You can attach a country to a request by setting source.country.

Create a Request with approval workflow

Didomi supports email approval method where a request needs to be approved before being considered as verified. To require identity confirmation, you can set the status to unverified and this will send an email to the user after he submitted the request.

To create a request with approval workflow, you can send a POST request on /dsar/requests and set the status to unverified.

POST https://api.didomi.io/dsar/requests?organization_id={{organization_id}}

{
    "organization_user_id": "organization_user_id",
    "user_right_id": "cpra_access_my_data",
    "status": "unverified",
    "request_fields": [
        {
            "field_id": "email",
            /**
            * This value is mandatory to use Didomi as the sender of communication 
            * with your end-users throughout the whole request process.
            * For instance, it will send confirmation identity email to your end-user
            * if the status is set to unverified while creating the request
            */   
            "value": "email@address.com"
        }
    ],
    "source": {
        "type": "DSAR"
    }
}

Update a Request

You can update requests in order to match the actual state of the request within your processing workflow or to attach further information to your request.

To update request, you can send a PATCH request on /dsar/requests/{id}.

💡 When updating a request, we authorized edition only for status, metadata and extra_message_variables properties. 

PATCH https://api.didomi.io/dsar/requests/{id}

{
    "status": "NEW STATUS",
    "metadata": {},
    "extra_message_variables": {
        "download_link": "YOUR LINK"
    }    
}

Provide a download link to your end-user by filling in the property download_link while you are updating the status of a data access request to fulfilled.

Query a list of Requests

To fetch the list of Privacy Requests of your organization, you can send a GET request on https://api.didomi.io/dsar/requests.

GET https://api.didomi.io/dsar/requests?organization_id={{organization_id}}

[
    {
        "id": "String",
        "created_at": "Date",
        "updated_at": "Date",
        "organization_id": "String",
        "organization_user_id": "String",
        "status": "String",
        "metadata": {},
        "source_id": "String",
        "validation_id": "String",
        "user_right_id": "String",
        "regulation_id": "String",
        "expires_at": "Date",
        "domain": null,
        "source": {
            "id": "String",
            "created_at": "Date",
            "updated_at": "Date",
            "type": "DSAR",
            "key": null,
            "deployment_id": null,
            "country": "String"
        },
        "validation": {
            "id": "String",
            "created_at": "Date",
            "updated_at": "Date",
            "type": "email",
            "approve_url": "String"
        },
        "request_fields": [
            {
                "id": "String",
                "created_at": "Date",
                "updated_at": "Date",
                "request_id": "String",
                "field_id": "email",
                "value": "String",
                "field": {
                    "id": "email",
                    "created_at": "Date",
                    "updated_at": "Date",
                    "organization_id": null,
                    "user_right_id": null,
                    "label": {
                        "en": "Email address *"
                    },
                    "placeholder": {
                        "en": "Enter your email address"
                    },
                    "description": {
                        "en": "In order to proceed ..."
                    },
                    "hint": {
                        "en": "We are the responsible party ..."
                    },
                    "type": "email",
                    "usage": "auth",
                    "validations": [
                        "required",
                        "email"
                    ],
                    "subscribers": [
                        "trim_value",
                        "to_lower_case"
                    ]
                }
            }
        ]
    }
]

You can also query a specific request by ID. To fetch a request, you can send a GET request on https://api.didomi.io/dsar/requests/{{id}}.

https://api.didomi.io/docs/