Privacy Design Reference
Privacy API: Integrate your Bazaarvoice solution into your privacy regulations compliance workflow using a secure HTTP interface
Privacy API and End-User data files
To process end-user requests, the following service components are needed:
Privacy API : The Privacy API presents a “REST” style HTTP interface that exposes two resources: accessRequests and forgetRequests. When an API request is made to one of these resources, the API will create the appropriate resource in our system, respond with meta-data about the resource, including the status of previous requests and, in the case of an accessRequests, the location where the end-user data files can be retrieved.
End User Data Files:
All the relevant data to Social Commerce Client would be available in the ZIP folder with the prefix as Curalate
The end-user data files contain the end-user’s personal data in JSON and CSV format. Unlike a traditional "REST" style API, these data files are not returned directly as a result of a request to the Privacy API. Instead, they are compressed using the ZIP format, and made accessible via a secure download URL.
Usage
Social Commerce client's request (via Portal Privacy App or Privacy API 3-legged) will also be processed by Bazaarvoice Privacy API.
Right of Access (ROA)
The Privacy API can be used to submit right of access requests on behalf of your end-users and to retrieve status information about previously submitted right of access requests.
There are three Right of Access related operations available:
- Create an accessRequests resource
- Query an accessRequests' status and related information
- Download end-user data
The chart below depicts these actions:
Learn more about the Access Requests resource at the API reference page for Privacy.
Right to be Forgotten (RTBF)
The Privacy API can be used to submit right to be forgotten requests on behalf of your end-users and to retrieve status information about previously submitted right to be forgotten requests.
In the Privacy API, right to be forgotten takes the form of a forgetRequests resource.
There are two right to be forgotten related operations available:
- Create a forgetRequests resource
- Query forgetRequests' status and related information
The chart below depicts these actions.
Once a forgetRequests resource is created, it cannot be cancelled. In the event an end-user requests right of access and right to be forgotten at the same time, you must process the right of access request first.
Learn more about the forgetRequests please navigate to Right to be Forgotten API reference
Required Credentials
To use the Privacy API, you will need the credentials described below. Refer to the Requesting API keys topic to learn how to acquire these credentials from Bazaarvoice.
Credential | Description |
---|---|
Privacy API passkeys | These values, one for staging and one for production, will be used in every request to the Privacy API. |
OAuth2 API passkeys | These values, one for staging and one for production, will be used in every request to the OAuth2 API. They will be identical to the Privacy API passkeys. Refer to OAuth2 Integration for more information. |
Client ID | This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information. Refer to OAuth2 Integration for more information. |
Client Secret | This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information. Refer to OAuth2 Integration for more information. |
Privacy Manager role in Bazaarvoice Portal (3-legged Only) | The Bazaarvoice Portal user that grants access to your application must have the Privacy Manager role. This role is assigned when you register your application. |
Staging and production access to Bazaarvoice client instances (3-Legged Only) | The Bazaarvoice Portal user that grants access to your application must have access to the staging and production environments for the client instances that you want the application to process privacy requests for. This access is granted when you register your application. |
Updated 26 days ago
Complete the steps in the Requesting API keys topic to obtain API keys.
Continue to OAuth2 Integration to learn how to use 3-legged OAuth with the Privacy API.
Navigate to API Reference section to learn more about using the Privacy API.
Check out Tools to access interactive tools and applications that help you work with the Privacy API. the steps in the Requesting API keys topic to obtain API keys.