GDPR / CCPA API ensures all the rights of users are created or updated for GDPR / CCPA compliance. You can erase the personal data of specific users as defined under GDPR using the Erase API.
For more details on GDPR Compliance with MoEngage, refer to GDPR-Implementation.
For more details on CCPA Compliance with MoEngage, refer to CCPA-Implementation.
API Endpoint
POST https://api-0X.moengage.com/v1/opengdpr_requests/<Workspace_ID>
The 'X' in the API Endpoint URL refers to the MoEngage Data Center (DC). MoEngage hosts each customer in a different DC. You can find your DC number (value of X) and replace the value of 'X' in the URL by referring to the DC and API endpoint mapping here.
info |
Note The Workspace_ID for your MoEngage account is available on the MoEngage Dashboard in Settings > App Settings > Account Settings > Workspace ID. |
Request Headers
Authentication
Erase API uses basic authentication to control access to your data.
The API request will be authenticated through Basic Authentication. Basic Authentication sends a Base64-encoded string containing your username and password with every API request. It encodes a 'username:password' string in Base64 and appends the encoded string with 'Basic '. This string is included in the authorization header as shown below:
{"Authorization: Basic Base64_ENCODED_APPKEY_APIKEY=="}
The username and password details can be obtained from the MoEngage Dashboard. We've revamped the settings UI in the Dashboard. If you're using the API for the first time, follow these steps for the revamped and old UIs:
Revamped UI
- Navigate to Settings -> Account -> APIs.
- Click Generate Key in the Data tile in the API Keys section, and click Save.
- Use the Workspace ID as the username and the Data API Key as the password to generate the authentication header.
Old UI
- Navigate to Settings -> APIs -> DATA API Settings.
- Click Generate Key.
- Click Save on the Data APIs settings section.
- Use the DATA API ID as the username and the DATA API KEY as the password to generate the authentication header.
Authentication is performed using a client like Postman as follows:
Content-Type Header
The content-Type header is mandatory and is set to 'application/json' as follows:
{"Content-Type": "application/json"}
Request body
APP ID Header
Get the Workspace ID from the MoEngage dashboard as explained in the Authentication section and send in the header as follows:
{"MOE-APPKEY" :"<Workspace ID>"}
Request body
There is a max limit of 100kb per request.
Request Body Fields
Key | Description | Mandatory |
---|---|---|
request_type | This is used to request for GDPR details or request to erase the GDPR details | Yes |
submitted_time | This identifies the time when the request was sent | Yes |
identities | This provides the details of the user such as email address, phone number, and so on | Yes |
api_version | This identifies the API version used to send the GDPR request. | Yes |
id | This is the unique identifier of a registered user. | No |
user_secondary_id | This is the secondary identifier of a registered user. | No |
This is the user email of an unregistered user. | No | |
mobile | This is the user mobile of an unregistered user. | No |
google_advertising_id | This is the android device GAID of an unregistered user. | No |
advertising_identifier | This is the iOS device IDFA of an unregistered user | No |
Response
The response is a JSON object.
GDPR request success
On a successful call, the response is as follows:
{
"status": "success",
"message": "Your request has been accepted and will be processed soon.",
"request_id": "a7551968-d5d6-44b2-9831-815ac9017798"
}
Example
The following example describes the request to erase personal data.
{
"request_type":"erasure",
"submitted_time":"2018-10-05T15:00:00Z",
"identities":[
{
"identity_type":"email",
"identity_value":"johndoe@example.com"
}
],
"api_version":"1.0"
}
FAQs
-
Can multiple users be deleted using this API?
Multiple users can be deleted using this API in a single payload. Multiple users can be passed as array elements in the payload.
-
What is the maximum size of the request payload?
The maximum payload size is 128 KB. If this limit is exceeded, a 413 error response will be sent.
-
What happens when an email ID that is associated with multiple users is passed for deletion using this API?
If multiple users have the same email ID and that email ID is passed in the payload for an erasure request, all the users associated with the email ID will be deleted.