Introduction

The Ometria data anonymization and deletion request API allow you to:

  • Submit requests for individuals personal data to be anonymized
  • Check status of anonymization requests submitted via this API or inside the Ometria application
  • Checking status of GDPR Data anonymization request

Contents

Lifecycle of a GDPR Data anonymization request

A data anonymization request can be submitted either by a user of the Ometria application ("in app") or via API request. Once a request is received it is processed within 14 days and any personal data associated with that individual's identity is removed or anonymized.

Rate limiting

Note that the GDPR data anonymization request is designed for GDPR related objectioned raised by individuals. It is not designed for large scale data deletion. As a result, the API is rate limited to a maximum of 1 request per second.

GDPR Methods

List GDPR Requests

Create new GDPR data anonymization request

Get details of specific GDPR related data anonymization request

GDPR Objects

DataDeletionRequest

DataDeletionSubmission


List GDPR related data anonymization requests

Path

GET /data-deletion-requests

Description

Returns previously filed GDPR related data anonymization requests and their status.

200 OK Array< DataDeletionRequest>

An array of data anonymization objects.

403 Forbidden

API key is not authorised to access this resource.

Response Example (200 OK)

[
  {
    "action": "anonymise",
    "comment": "Some comment",
    "id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
    "identities": [
      {
        "hashed_email": "3af31748a10ef8bd28ce7620c25fe18d@anonymous.ometria"
      }
    ],
    "source": {
      "api_request_id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
      "origin": "api",
      "user": {
        "email": "user@user.com",
        "name": "A user"
      }
    },
    "summary": "1 contact record anonymised, 15 events anonymise",
    "timestamp_completed": "2017-02-04 10:18:12.833949+00",
    "timestamp_created": "2017-02-02 10:18:12.833949+00"
  }
]

Create new GDPR data anonymization request

Path

POST /data-deletion-requests

Description

Create new or update an existing order

Request Body

DataDeletionSubmission

The email address of the individual who had requested anonymization

Request Example

{
  "action": "anonymise",
  "comment": "Some comment",
  "email_address": "someone@domain.com"
}

Response

200 OK DataDeletionRequest

GDPR data anonymization request object successfully created

403 Forbidden

API key is not authorised to access this resource

Response Example (200 OK)

{
  "action": "anonymise",
  "comment": "Some comment",
  "id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
  "identities": [
    {
      "hashed_email": "3af31748a10ef8bd28ce7620c25fe18d@anonymous.ometria"
    }
  ],
  "source": {
    "api_request_id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
    "origin": "api",
    "user": {
      "email": "user@user.com",
      "name": "A user"
    }
  },
  "summary": "1 contact record anonymised, 15 events anonymise",
  "timestamp_completed": "2017-02-04 10:18:12.833949+00",
  "timestamp_created": "2017-02-02 10:18:12.833949+00"
}

Get details of specific GDPR related data anonymization request

Path

GET /data-deletion-requests/{id}

Description

Returns details and status of GDPR related data anonymization request by its ID.

Request Parameters

id

The request ID

typestring
inquery

Response

200 OK DataDeletionRequest

A data anonymization object.

403 Forbidden

API key is not authorised to access this resource.

404 Not Found

Data anonymization request with specified ID was not found

Response Example (200 OK)

{
  "action": "anonymise",
  "comment": "Some comment",
  "id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
  "identities": [
    {
      "hashed_email": "3af31748a10ef8bd28ce7620c25fe18d@anonymous.ometria"
    }
  ],
  "source": {
    "api_request_id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
    "origin": "api",
    "user": {
      "email": "user@user.com",
      "name": "A user"
    }
  },
  "summary": "1 contact record anonymised, 15 events anonymise",
  "timestamp_completed": "2017-02-04 10:18:12.833949+00",
  "timestamp_created": "2017-02-02 10:18:12.833949+00"
}

DataDeletionRequest: object

Describes a GDPR related data anonymization request

ValueTypeDescriptionRequired
idstring

The request ID


commentstring

User supplied comment text included in the initial request


timestamp_createdstring (date-time)Date and time of request being filed. Following ISO 8601 dateTime format with timezone offset YYYY-MM-DDThh:mm:ss+Z.
timestamp_completedstring (date-time)Date and time of request being processed. Following ISO 8601 dateTime format with timezone offset YYYY-MM-DDThh:mm:ss+Z.
actionstring {anonymise}

The action to take on this individual's data. The only supported value currently is "anonymise"


summarystring

A textual summary of the records found and modified after processing.


sourceobject

A summary of where the request originated, e.g. from with the application or via API.


identitiesarray

A list of hashed email addresses that represent the identities of individuals processed in this request.


Example

{
  "action": "anonymise",
  "comment": "Some comment",
  "id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
  "identities": [
    {
      "hashed_email": "3af31748a10ef8bd28ce7620c25fe18d@anonymous.ometria"
    }
  ],
  "source": {
    "api_request_id": "a8c53a39-e0fc-462c-b5fa-907fe70a4174",
    "origin": "api",
    "user": {
      "email": "user@user.com",
      "name": "A user"
    }
  },
  "summary": "1 contact record anonymised, 15 events anonymise",
  "timestamp_completed": "2017-02-04 10:18:12.833949+00",
  "timestamp_created": "2017-02-02 10:18:12.833949+00"
}


DataDeletionSubmission: object

GDPR related data anonymization request submission

ValueTypeDescriptionRequired
email_addressstring

Email address of individual who requested anonymization

Required
commentstring

Optional user supplied comment text


actionstring {anonymise}

The action to take on this individual's data. The only supported value currently is "anonymise"

Required

Example

{
  "action": "anonymise",
  "comment": "Some comment",
  "email_address": "someone@domain.com"
}