Frequently Asked questions regarding Privacy API integration.

What happens if the Client Name is not mentioned on a Privacy API call?

Field clientNames is not mentioned on the API call

Request is raised against all the client instances mapped for that portal user.

What is the life of Oauth token?

An OAuth Token is valid until 55 minutes from it is created/requested

I am having trouble authenticating.

Most client problems during integration relate to the OAuth component. Luckily, we now offer 2-legged OAuth, which makes it much easier to integrate than 3-legged OAuth. If you encounter problems with a client using 3-legged OAuth, you should suggest they switch to 2-legged. You can find the docs for Privacy OAuth at the following link, and you should be as familiar as possible with them:

Oauth2 Integration

How long do Privacy requests take to complete?

Typically it gets processed within 14 days, but most privacy requests process much more quickly, as shown in the following table.

Type of RequestAverage Processing Time
Right of Access requests with data2-3 days
Right of Access requests with third-party sampling dataSeveral days
Right of Access requests without data,
Right to be Forgotten requests
A few hours

What do I do with the ZIP file that the Privacy API returns?

This ZIP file is meant to be handed directly to consumers. However, most of our clients transform the content of the ZIP file. Inside each ZIP file there is a directory for each client instance in the request. Within each directory, there is a group of JSON files. The exact number of JSON files depends on how the consumer interacted with BV systems (for example, if they left reviews and questions, but didn't leave comments and answers, the JSON files will reflect this). Read more at ROA Data Format


Note: We currently only offer a ZIP download with directories and JSON files. In the near future, the Privacy API will likely offer a CSV/XLSX download as well.