The Bazaarvoice Privacy API provides a secure HTTP interface for integrating Bazaarvoice into your General Data Protection Regulation (GDPR) compliance workflow. To learn more, go to the Privacy API home page.

Contents

(+ show- hide)

This page describes the fundamental knowledge that you will need to use the Privacy API.

Privacy API & end-user data files

To process end-user requests you will interact with the following service components:

Privacy API

The Privacy API presents a “REST” style HTTP interface that exposes two resources: accessRequests and forgetRequests. When an API request is made to one of these resources, the API will create the appropriate resource in our system, respond with meta-data about the resource, including the status of previous requests and, in the case of an accessRequests, the location where the end-user data files can be retrieved.

End-user data files

The end-user data files contain the end-user’s personal data in JSON format. Unlike a traditional "REST" style API, these data files are not returned directly as a result of a request to the Privacy API. Instead, they are compressed using the ZIP format, and made accessible via a secure download URL.

Usage

Right of access

The Privacy API can be used to submit right of access requests on behalf of your end-users and to retrieve status information about previously submitted right of access requests.

In the Privacy API, right of access takes the form of an accessRequests resource.

There are three right of access related operations available:

  1. Create an accessRequests resource
  2. Query an accessRequests' status and related information
  3. Download end-user data

The chart to the right depicts these actions.

Learn more about the accessRequests resource at the Right of Access reference.

Right to be forgotten

The Privacy API can be used to submit right to be forgotten requests on behalf of your end-users and to retrieve status information about previously submitted right to be forgotten requests.

In the Privacy API, right to be forgotten takes the form of a forgetRequests resource.

There are two right to be forgotten related operations available:

  1. Create a forgetRequests resource
  2. Query forgetRequests' status and related information

The chart to the right depicts these actions.

Once a forgetRequests resource is created, it cannot be cancelled. In the event an end-user requests right of access and right to be forgotten at the same time, you must process the right of access request first.

Learn more about the forgetRequests resource at the Right to be Forgotten reference.

Required credentials

To use the Privacy API, you will need the credentials described below. Refer to the Getting access section to learn how acquire these credentials from Bazaarvoice.

Credential Description
Privacy API passkeys

These values, one for staging and one for production, will be used in every request to the Privacy API.

OAuth2 API passkeys

These values, one for staging and one for production, will be used in every request to the OAuth2 API. They will be identical to the Privacy API passkeys. Refer to OAuth2 Integration for more information.

Client ID This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information.
Client secret This value will be used in every request to the OAuth2 API. Refer to OAuth2 Integration for more information.

Getting access

Because the Privacy API will enable access to and deletion of end-user data, we have implemented OAuth2 to ensure that only authorized personnel have access. The steps for getting access are described below.

Steps

Developers will need to perform the following steps to use the Privacy API:

  1. Create a Developer Portal user account

    You will need a Developer Portal account to use the Privacy API. An existing account can be used or you can create one using the “Register” link at the top right. Make note of the email address associated with this account, because you will need it when registering an application.

    You must create an Developer Portal account before registering an application to use the Privacy API.

  2. Register an application with Bazaarvoice

    To use OAuth you must register an application with Bazaarvoice. This is the application you build that will use the Privacy API. Refer to OAuth2 Integration for more information.

    When you register an application we will create a user with staging access for you to use while developing your application.

    Continue to the Register an application below to learn more.

Additional step for non-developers

Only authorized users registered with our Client Portal will be able to initiate Privacy API requests in production.

Before an application is used in production, someone from the organization that owns the data will need to be given production access to the Bazaarvoice client portal.

Register an application

Contact our Support team at https://support.bazaarvoice.com to request Privacy API access.

Copy/paste the template below into your support case and then manually replace the <PLACE_HOLDER> tokens with the appropriate information or click here to use an interactive template generator and then copy/paste the completed template into your support case.

Refer to the table below for information about each value. All values are required.

Please register an application for use with the Privacy API.

DEVELOPER PORTAL USER EMAIL ADDRESS: <EMAIL_ADDRESS>
DEVELOPER COUNTRY: <DEVELOPER_COUNTRY>
CLIENT INSTANCE NAMES: <NAME_1>, <NAME_2>, <NAME_N>

APP DISPLAY NAME: <DISPLAY_NAME>

APP DESCRIPTION:
<DESCRIPTION>

REDIRECT URIS:
<URI_1>
<URI_2>
<URN_N>

Thanks,

<SIGNATURE>
The email address associated with your Developer Portal account.
The country where the developer is located.
This determines to which client's data your keys will have access. Use the name(s) used to log into the Bazaarvoice Client Portal (aka: Workbench).
A human readable name that will be displayed to users when they grant access to you application. Refer to OAuth2 Integration for more information.
A brief explanation of how this application will be used.
One or more complete URLs to a resource implemented by your application. Refer to OAuth2 Integration for more information.
Cancel
Developer Portal user email address

This is the email address associated with a Developer Portal account. You must have an account prior to registering an application to the Privacy API.

Developer country

The country where the developer is located.

Client instance names

This determines to which client's data your keys will have access. Use the name(s) used to log into the Bazaarvoice Client Portal (aka: Workbench).

Ex: acme-en_us, acme-fr_fr

App Display Name

This is a human readable name that will be displayed to users when they grant access to your application. Refer to OAuth2 Integration for more information.

Ex: Acme Privacy App

App Description

A brief explanation of how this application will be used.

Ex: App for custom GDPR compliance dashboard.

Redirect URIs

One or more complete URLs to a resource implemented by your application. One per line. Refer to OAuth2 Integration for more information.

https://dev.example.com/privacy/app
https://stg.example.com/privacy/app
https://www.example.com/privacy/app

Next

Continue to OAuth2 Integration to learn how to use 3-legged OAuth with the Privacy API.

Go to the Resource section to learn more about using the Privacy API.