The Bazaarvoice Privacy API provides a secure HTTP interface for integrating Bazaarvoice into your General Data Protection Regulation (GDPR) compliance workflow. To learn more, go to the Privacy API home page.

Contents

(+ show- hide)

This page describes how to use the forgetRequests resource to process end-user right to be forgotten requests.

URL pattern

The following example demonstrates the basic URL pattern for a right to be forgotten request:

https://[stg].api.bazaarvoicecom/privacy/forgetRequests/{id}?passkey={PRIVACY_API_PASSKEY}

Environments

The following environments are supported:

Environment Domain Description
Staging

stg.api.bazaarvoice.com/

Used while developing your application.

Production

api.bazaarvoice.com/

Used when your application is complete.

Submitting a right to be forgotten request

Create a new forgetRequests resource to trigger the deletion of an end-user's data.

HTTP POST is required.
POST https://[stg.]api.bazaarvoice.com/privacy/v1/forgetRequests?passkey{PRIVACY_API_PASSKEY} HTTP/1.1
Content-Type: application/json
Authorization: Bearer {ACCESS_TOKEN}
…

{
  "authorId": "12345678",
  "clientNames": [
    "Client-EN_GB",
    "Client-DE_DE"
  ]
}

Ellipses (...) in above example indicate that your app may generate other headers.

Parameters

Name Description Required

QueryString

passkey

Privacy API passkey

Yes

Header

Content-Type

application/json

Yes

Authorization

The Authorization value will consist of the string Bearer followed by the Oauth2 access token. Refer to Oauth2 Integration for more information.

Yes

Body

emailAddress

The end-user's email address

No *

facebookUsername

The end-user's Facebook user username

No *

twitterUsername

The end-user's Twitter username

No *

instagramUsername

The end-user's Instagram username

No *

youtubeChannelId

The end-user's YouTube channel username

No *

youtubeUsername

The end-user's YouTube channel name

No *

vimeoUsername

The end-user's Vimeo username

No *

tumblrUsername

The end-user's Tumblr username

No *

flickrUsername

The end-user's Flickr username

No *

pinterestUsername

The end-user's Pinterest username

No *

authorId

The client-controlled user identifer for Conversations submission. Also known as an "external ID". This identifier must be unique across all clients specified in the request.

No *

clientNames

List of the client names to which the request is scoped. Defaults to the list of clients to which the requester has access.

No

* At least one identifier must be included in the POST request.

Response body

Response will be a JSON object. The following demonstrates a typical response with a PENDING status:

{
  "id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
  "status": "PENDING",
  "submissionTime": "2018-05-04T18:18:45.009Z",
  "clientNames": [
    "Client-DE_DE",
    "Client-EN_GB"
  ],
  "emailAddress": "some.email@example.com"
}

key/value pairs that are not applicable in all context (i.e. ‘completionTime’ for pending requests) are not returned. The downloadUrl and dataFound key/value are only present when the status is COMPLETED.

Retrieving right to be forgotten status

For a forgetRequests resource, check the status.

HTTP GET is required.

Single request

A request can be scoped to a specific resource by using that resource's ID.

GET https://[stg.]api.bazaarvoice.com/privacy/v1/forgetRequests/{id}?passkey={PRIVACY_API_PASSKEY} HTTP/1.1
Authorization: Bearer {ACCESS_TOKEN}
…

Ellipses (…) in above example indicate that your app may generate other headers.

Parameters

Name Description Required

Path

id

ID created for a given submission request.

Yes

QueryString

passkey

Privacy API passkey.

Yes

Header

Authorization

The Authorization value will consist of the string Bearer followed by the Oauth2 access token. Refer to Oauth2 Integration for more information.

Yes

Response body

The following demonstrates a typical response in the PENDING state:

{
  "id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
  "status": "PENDING",
  "submissionTime": "2018-04-19T14:15:40Z",
  "dataType": "PROCESSED_DATA",
  "clientNames": [
    "Client-DE_DE",
    "Client-EN_GB"
  ],
  "authorId": "12345678"
}

The following demonstrates a typical response with the status of COMPLETED:

{
  "id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
  "status": "COMPLETED",
  "submissionTime": "2018-05-04T18:18:45.009Z",
  "clientNames": [
    "Client-DE_DE",
    "Client-EN_GB"
  ],
  "emailAddress": "some.email@example.com",
  "dataFound": true,
  "completionTime":"2018-05-05T10:11:01.006Z"
}

Many Requests

The following example returns a paginated collection of all available forgetRequests resources available to the user identified by the Authorization header. This supports various query string parameters which are described below.

GET https://[stg.]api.bazaarvoice.com/privacy/v1/forgetRequests/?passkey={PRIVACY_API_PASSKEY} HTTP/1.1
Authorization: Bearer {ACCESS_TOKEN}
…

Ellipses (…) in above example indicate that your app may generate other headers.

Parameters

Name Description Required

QueryString

passkey

Privacy API passkey

Yes

Header

Authorization

The Authorization value will consist of the string Bearer followed by the Oauth2 access token. Refer to Oauth2 Integration for more information.

Yes

Identifiers

There is the notion of an identifier. These values identify an end-user on various social platforms including Bazaarvoice. Only one identifier can be used in the querystring filter. For instance, ?emailAddress=test@test.com&pinterestUsername=catlover is not available. The following are the available identifiers:

emailAddress instagramUsername vimeoUsername pinterestUsername
facebookUsername youtubeChannelId tumblrUsername authorId
twitterUsername youtubeUsername flickrUsername  

Query String Filters

Name Description
'identifier'

See discussion above.

clientName

available client instance names

completedAfter

Date in ISO format yyyy-mm-ddThh:mm:ss:SSSZ 2018-05-04T18:18:45.009Z

submittedAfter

Date in ISO format yyyy-mm-ddThh:mm:ss:SSSZ 2018-05-04T18:18:45.009Z

status

Available values: 'PENDING', 'COMPLETED'

limit

The maximum number of requests to return. If not limit is specified the default is 100

Response body

Response order will be status followed by timestamp. Requests with a PENDING status will be returned first. The secondary sort for pending requests is submissionTime descending. Requests with a status of COMPLETED will be use completionTime as the secondary sort descending.

Time is in the ISO format yyyy-mm-ddThh:mm:ss:SSSZ (2018-05-04T18:18:45.009Z)

When the response elements exceed the limit querystring parameter, a nextToken key/value is return that can be used to obtain the subsequent requests. Getting the next page users must specify nextToken with the same query parameters. On final page, nextToken will be null. "nextToken": null

The following demonstrates a typical response:

{
  "requests": [
    {
      "id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
      "status": "PENDING",
      "submissionTime": "2018-05-04T18:18:45.009Z",
      …
    },
    {
      "id": "26bac6d9-df55-4685-986b-8c82f36612f9",
      "status": "PENDING",
      "submissionTime": "2018-05-04T18:18:45.009Z",
      …
    },
    {
      "id": "4c4e2af5-387d-4de3-8704-d78c634ddf94",
      "status": "COMPLETED",
      "submissionTime": "2018-05-04T18:18:45.009Z",
      "completionTime": "2018-05-04T19:11:15.009Z",
      "dataFound": true,
      …
    },
    {
      "id": "65f3a8c8-7c14-4c13-900d-f817fd650657",
      "status": "COMPLETED",
      "submissionTime": "2018-05-04T18:18:45.009Z",
      "completionTime": "2018-05-04T19:11:15.009Z",
      "dataFound": false,
      …
    },
    …
  ],
  "nextToken": "ISbvurTgnp2HSNAfyhGYn4kKSk7vQrU3g02CB6u6MTNCjuQ="
}

Errors

Please see Troubleshooting for a detailed description and solution for Privacy API errors.