The Bazaarvoice Privacy API provides a secure HTTP interface for integrating Bazaarvoice into your General Data Protection Regulation (GDPR) compliance workflow. To learn more, go to the Privacy API home page.
This page describes the fundamental knowledge that you will need to use the Privacy API.
Privacy API & end-user data files
To process end-user requests you will interact with the following service components:
- Privacy API
The Privacy API presents a “REST” style HTTP interface that exposes two resources: accessRequests and forgetRequests. When an API request is made to one of these resources, the API will create the appropriate resource in our system, respond with meta-data about the resource, including the status of previous requests and, in the case of an accessRequests, the location where the end-user data files can be retrieved.
- End-user data files
The end-user data files contain the end-user’s personal data in JSON format. Unlike a traditional "REST" style API, these data files are not returned directly as a result of a request to the Privacy API. Instead, they are compressed using the ZIP format, and made accessible via a secure download URL.
Right of access
The Privacy API can be used to submit right of access requests on behalf of your end-users and to retrieve status information about previously submitted right of access requests.
In the Privacy API, right of access takes the form of an accessRequests resource.
There are three right of access related operations available:
- Create an accessRequests resource
- Query an accessRequests' status and related information
- Download end-user data
The chart to the right depicts these actions.
Learn more about the accessRequests resource at the Right of Access reference.
Right to be forgotten
The Privacy API can be used to submit right to be forgotten requests on behalf of your end-users and to retrieve status information about previously submitted right to be forgotten requests.
In the Privacy API, right to be forgotten takes the form of a forgetRequests resource.
There are two right to be forgotten related operations available:
- Create a forgetRequests resource
- Query forgetRequests' status and related information
The chart to the right depicts these actions.
Learn more about the forgetRequests resource at the Right to be Forgotten reference.
To use the Privacy API, you will need the credentials described below. Refer to the Getting access section to learn how acquire these credentials from Bazaarvoice.
|Privacy API passkeys||
These values, one for staging and one for production, will be used in every request to the Privacy API.
|OAuth2 API passkeys||
These values, one for staging and one for production, will be used in every request to the OAuth2 API. They will be identical to the Privacy API passkeys. Refer to OAuth2 Integration for more information.
|Client ID||This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information.|
|Client secret||This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information.|
Because the Privacy API will enable access to and deletion of end-user data, we have implemented OAuth2 to ensure that only authorized personnel have access. The steps for getting access are described below.
Developers will need to perform the following steps to use the Privacy API:
Create a Developer Portal user account
You will need a Developer Portal account to use the Privacy API. An existing account can be used or you can create one using the “Register” link at the top right. Make note of the email address associated with this account, because you will need it when registering an application.
You must create an Developer Portal account before registering an application to use the Privacy API.
Register an application with Bazaarvoice
When you register an application we will create a user with staging access for you to use while developing your application.
Continue to the Register an application below to learn more.
Only authorized users registered with our Client Portal will be able to initiate Privacy API requests in production.
Before an application is used in production, someone from the organization that owns the data will need to be given production access to the Bazaarvoice client portal.
Register an application
Contact our Support team at https://support.bazaarvoice.com to request Privacy API access.
Copy/paste the template below into your support case and then manually replace the <PLACE_HOLDER> tokens with the appropriate information.
Refer to the table below for information about each value. All values are required.
Please register an application for use with the Privacy API. DEVELOPER PORTAL USER EMAIL ADDRESS: <EMAIL_ADDRESS> DEVELOPER COUNTRY: <DEVELOPER_COUNTRY> CLIENT INSTANCE NAMES: <NAME_1>, <NAME_2>, <NAME_N> APP DISPLAY NAME: <DISPLAY_NAME> APP DESCRIPTION: <DESCRIPTION> REDIRECT URIS: <URI_1> <URI_2> <URN_N> Thanks, <SIGNATURE>
|Developer Portal user email address||
This is the email address associated with a Developer Portal account. You must have an account prior to registering an application to the Privacy API.
The country where the developer is located.
|Client instance names||
This determines to which client's data your keys will have access. Use the name(s) used to log into the Bazaarvoice Client Portal (aka: Workbench).
Ex: acme-en_us, acme-fr_fr
|App Display Name||
This is a human readable name that will be displayed to users when they grant access to your application. Refer to OAuth2 Integration for more information.
Ex: Acme Privacy App
A brief explanation of how this application will be used.
Ex: App for custom GDPR compliance dashboard.
One or more complete URLs to a resource implemented by your application. One per line. Refer to OAuth2 Integration for more information.
https://dev.example.com/privacy/app https://stg.example.com/privacy/app https://www.example.com/privacy/app
Continue to OAuth2 Integration to learn how to use 3-legged OAuth with the Privacy API.
Go to the Resource section to learn more about using the Privacy API.