GDPR / CCPA API

GDPR / CCPA API ensures all the rights of users are created or updated for GDPR / CCPA compliance. You can erase the personal data of specific users as defined under GDPR using the Erase API.

For more details on GDPR Compliance with MoEngage, refer to GDPR-Implementation.

For more details on CCPA Compliance with MoEngage, refer to CCPA-Implementation.

API Endpoint

URL
POST https://api-0X.moengage.com/v1/opengdpr_requests/<APP_ID>

Each customer is hosted on a different data center, you can find your data center number (value of X), by checking the data center and API endpoint mapping page here.

 

APP_ID

The APP_ID for your MoEngage account is available on the MoEngage Dashboard in Settings > App Settings > Account Settings > APP ID.

Request Headers

Authentication

Erase API uses basic authentication to control access to your data.

Basic authentication sends a Base64-encoded string containing username and password for all API requests.

Username and password are available at Settings > APIs > DATA API Settings.

Do the following when you are using the API for the first-time authentication:

  1. Navigate to Settings > APIs > DATA API Settings.
  2. Click Generate Key
  3. Save the details on the Data APIs settings page. User name - DATA API ID Password - DATA API KEY

For example, basic Authentication encodes a 'username:password' using base64 and prepends it with the string 'Basic '. The string is passed in the authorization header as follows:
{"Authorization":"Basic bmF2ZWVua3VtYXI6bW9lbmdhZ2U="}

d205ad9-B33zNd8vQFCkugDwITCz_Screen_Shot_2016-06-10_at_6.28.23_pm__1_.png

Authentication is performed using a client like Postman as follows:

f8a047b-postman_new_sample.png

Content-Type Header

The content-Type header is mandatory and is set to 'application/json' as follows:

JSON
{"Content-Type": "application/json"}

Request body

APP ID Header

Get the APP ID from the MoEngage dashboard under the path: Settings > App Settings > Account Settings > APP ID and send in the header as follows:

JSON
{"MOE-APPKEY" :"<APP ID>"}

Request body

There is a max limit of 100kb per request.

Request Body Fields

Key Description Mandatory
request_type This is used to request for GDPR details or request to erase the GDPR details Yes
submitted_time This identifies the time when the request was sent Yes
identities This provides the details of the user such as email address, phone number, and so on Yes
api_version This identifies the API version used to send the GDPR request. Yes
id This is the unique identifier of a registered user. No
user_secondary_id This is the secondary identifier of a registered user. No
email This is the user email of an unregistered user. No
mobile This is the user mobile of an unregistered user. No
google_advertising_id This is the android device GAID of an unregistered user. No
advertising_identifier This is the iOS device IDFA of an unregistered user No

Response

The response is a JSON object.

GDPR request success

On a successful call, the response is as follows:

JSON
{
  "status": "success",
  "message": "Your request has been accepted and will be processed soon.",
  "request_id": "a7551968-d5d6-44b2-9831-815ac9017798"
}

Example

The following example describes the request to erase personal data.

Text
{
 "request_type":"erasure",
 "submitted_time":"2018-10-05T15:00:00Z",
 "identities":[
   {
      "identity_type":"email",
      "identity_value":"johndoe@example.com"
   }
 ],
 "api_version":"1.0"
}

 

Was this article helpful?
0 out of 0 found this helpful