A high-level application design reference that gives clearer context on how the Privacy API functions.

Privacy API and End-User data files

To process end-user requests, the following service components are needed:

Privacy API: The Privacy API presents a “REST” style HTTP interface that exposes two resources: accessRequests and forgetRequests. When an API request is made to one of these resources, the API creates the appropriate resource in our system and responds with metadata about the resource, including the status of previous requests and, in the case of an accessRequests resource, the location where the end-user data files can be retrieved.

End User Data Files

💡

All data relevant to a Social Commerce client is available in the ZIP folder with the prefix Curalate.

The end-user data files contain the end-user’s personal data in JSON and CSV format. Unlike a traditional "REST" style API, these data files are not returned directly as a result of a request to the Privacy API. Instead, they are compressed using the ZIP format, and made accessible via a secure download URL.

Usage

💡

Requests from Social Commerce clients (via the Portal Privacy App or the 3-legged Privacy API) are also processed by the Bazaarvoice Privacy API.

Right of Access (ROA)

The Privacy API can be used to submit right of access requests on behalf of your end-users and to retrieve status information about previously submitted right of access requests.

There are three Right of Access related operations available:

  1. Create an accessRequests resource
  2. Query an accessRequests' status and related information
  3. Download end-user data

The chart below depicts these actions:

ROA - Workflow

Learn more about the Access Requests resource at the API reference page for Privacy.

Right to be Forgotten (RTBF)

The Privacy API can be used to submit right to be forgotten requests on behalf of your end-users and to retrieve status information about previously submitted right to be forgotten requests.

In the Privacy API, right to be forgotten takes the form of a forgetRequests resource.

There are two right to be forgotten related operations available:

  1. Create a forgetRequests resource
  2. Query forgetRequests' status and related information

The chart below depicts these actions.

RTBF - Workflow

❗️

Once a forgetRequests resource is created, it cannot be cancelled. In the event an end-user requests right of access and right to be forgotten at the same time, you must process the right of access request first.

To learn more about forgetRequests, see the Right to be Forgotten API reference.
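The ordering rule above (right of access before right to be forgotten, with no way to cancel a forgetRequests resource) can be enforced on the integrator's side before any request is sent. The following is an added example, not Bazaarvoice code: the class and method names are hypothetical, it makes no API calls, and it assumes that "process first" means the access request has completed and the data files have been downloaded.

```python
ACCESS, FORGET = "accessRequests", "forgetRequests"  # resource names from the page


class PrivacyRequestGate:
    """Orders end-user requests so right of access precedes right to be forgotten.

    Assumption: "process first" is read conservatively as "access request
    completed and data files downloaded". No HTTP calls are made here.
    """

    def __init__(self):
        self.open_access = set()   # end-users with an unfinished access request
        self.held_forget = []      # end-users whose forget request is waiting

    def submit(self, end_user, kinds):
        """Return the resources that may be created now for this end-user."""
        kinds = set(kinds)
        unknown = kinds - {ACCESS, FORGET}
        if unknown:
            raise ValueError(f"unsupported request type: {sorted(unknown)}")
        send_now = []
        if ACCESS in kinds and end_user not in self.open_access:
            self.open_access.add(end_user)
            send_now.append(ACCESS)
        if FORGET in kinds:
            if end_user in self.open_access:
                # A forgetRequests resource cannot be cancelled, so hold it.
                if end_user not in self.held_forget:
                    self.held_forget.append(end_user)
            else:
                send_now.append(FORGET)
        return send_now

    def access_done(self, end_user):
        """Call after the access request completed and the ZIP was downloaded."""
        self.open_access.discard(end_user)
        if end_user in self.held_forget:
            self.held_forget.remove(end_user)
            return [FORGET]
        return []
```

Call `submit()` from request intake and `access_done()` from the code that polls the accessRequests status and retrieves the download; only the resource names returned by either call should be created in the Privacy API.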


Required Credentials

To use the Privacy API, you will need the credentials described below. Refer to the Requesting API keys topic to learn how to acquire these credentials from Bazaarvoice.

| Credential | Description |
| --- | --- |
| Privacy API passkeys | These values, one for staging and one for production, will be used in every request to the Privacy API. |
| OAuth2 API passkeys | These values, one for staging and one for production, will be used in every request to the OAuth2 API. They will be identical to the Privacy API passkeys. Refer to OAuth2 Integration for more information. |
| Client ID | This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information. |
| Client Secret | This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information. |
| Privacy Manager role in Bazaarvoice Portal (3-legged only) | The Bazaarvoice Portal user that grants access to your application must have the Privacy Manager role. This role is assigned when you register your application. |
| Staging and production access to Bazaarvoice client instances (3-legged only) | The Bazaarvoice Portal user that grants access to your application must have access to the staging and production environments for the client instances that you want the application to process privacy requests for. This access is granted when you register your application. |