GDPR / CCPA API ensures all the rights of users are created or updated for GDPR / CCPA compliance. You can erase the personal data of specific users as defined under GDPR using the Erase API.
For more details on GDPR Compliance with MoEngage, refer to GDPR-Implementation.
For more details on CCPA Compliance with MoEngage, refer to CCPA-Implementation.
API Endpoint
POST https://api-0X.moengage.com/v1/opengdpr_requests/<APP_ID>The 'X' in the API Endpoint URL refers to the MoEngage Data Center (DC). MoEngage hosts each customer in a different DC. You can find your DC number (value of X) and replace the value of 'X' in the URL by referring to the DC and API endpoint mapping here.
| info |
Note The APP_ID for your MoEngage account is available on the MoEngage Dashboard in Settings > App Settings > Account Settings > APP ID. |
Request Headers
Authentication
Erase API uses basic authentication to control access to your data.
Basic authentication sends a Base64-encoded string containing username and password for all API requests.
Username and password are available at Settings > APIs > DATA API Settings.
Do the following when you are using the API for the first-time authentication:
- Navigate to Settings > APIs > DATA API Settings.
- Click Generate Key
- Save the details on the Data APIs settings page. User name - DATA API ID Password - DATA API KEY
For example, basic Authentication encodes a 'username:password' using base64 and prepends it with the string 'Basic '. The string is passed in the authorization header as follows:
{"Authorization":"Basic bmF2ZWVua3VtYXI6bW9lbmdhZ2U="}
Authentication is performed using a client like Postman as follows:
Content-Type Header
The content-Type header is mandatory and is set to 'application/json' as follows:
{"Content-Type": "application/json"}Request body
APP ID Header
Get the APP ID from the MoEngage dashboard under the path: Settings > App Settings > Account Settings > APP ID and send in the header as follows:
{"MOE-APPKEY" :"<APP ID>"}Request body
There is a max limit of 100kb per request.
Request Body Fields
| Key | Description | Mandatory |
|---|---|---|
| request_type | This is used to request for GDPR details or request to erase the GDPR details | Yes |
| submitted_time | This identifies the time when the request was sent | Yes |
| identities | This provides the details of the user such as email address, phone number, and so on | Yes |
| api_version | This identifies the API version used to send the GDPR request. | Yes |
| id | This is the unique identifier of a registered user. | No |
| user_secondary_id | This is the secondary identifier of a registered user. | No |
| This is the user email of an unregistered user. | No | |
| mobile | This is the user mobile of an unregistered user. | No |
| google_advertising_id | This is the android device GAID of an unregistered user. | No |
| advertising_identifier | This is the iOS device IDFA of an unregistered user | No |
Response
The response is a JSON object.
GDPR request success
On a successful call, the response is as follows:
{
"status": "success",
"message": "Your request has been accepted and will be processed soon.",
"request_id": "a7551968-d5d6-44b2-9831-815ac9017798"
}Example
The following example describes the request to erase personal data.
{
"request_type":"erasure",
"submitted_time":"2018-10-05T15:00:00Z",
"identities":[
{
"identity_type":"email",
"identity_value":"johndoe@example.com"
}
],
"api_version":"1.0"
}