Privacy API: Integrate your Bazaarvoice solution into your privacy regulations compliance workflow using a secure HTTP interface.
Right to be Forgotten
The Bazaarvoice Privacy API provides a secure HTTP interface for integrating Bazaarvoice into your privacy regulations compliance workflow. To learn more, go to the Privacy API home page.
Contents
This page describes how to use the forgetRequests resource to process end-user right to be forgotten requests.
URL pattern
The following example demonstrates the basic URL pattern for a right to be forgotten request. Go to the Tools section to access interactive tools and applications that help you work with the Privacy API.
https://[stg].api.bazaarvoicecom/privacy/forgetRequests/{id}?passkey={PRIVACY_API_PASSKEY}
Environments
The following environments are supported:
| Environment | Domain | Description |
|---|---|---|
| Staging |
|
Used while developing your application. |
| Production |
|
Used when your application is complete. |
Submitting a right to be forgotten request
Create a new forgetRequests resource to trigger the deletion of an end-user's data. Note that you cannot submit a forget request for an end user if an existing Right of Access or Right to be Forgotten request for the same end user is still pending.
POST https://[stg.]api.bazaarvoice.com/privacy/v1/forgetRequests?passkey{PRIVACY_API_PASSKEY} HTTP/1.1
Content-Type: application/json
Authorization: Bearer {ACCESS_TOKEN}
…
{
"authorId": "12345678",
"clientNames": [
"Client-EN_GB",
"Client-DE_DE"
]
}
Ellipses (...) in above example indicate that your app may generate other headers.
Parameters
| Name | Description | Required |
|---|---|---|
QueryString |
||
passkey |
Privacy API passkey |
Yes |
Header |
||
Content-Type |
application/json |
Yes |
Authorization |
The Authorization value will consist of the string |
Yes |
Body |
||
emailAddress |
The end-user's email address |
No * |
facebookUsername |
The end-user's Facebook user username |
No * |
twitterUsername |
The end-user's Twitter username |
No * |
instagramUsername |
The end-user's Instagram username |
No * |
youtubeChannelId |
The end-user's YouTube channel username |
No * |
youtubeUsername |
The end-user's YouTube channel name |
No * |
vimeoUsername |
The end-user's Vimeo username |
No * |
tumblrUsername |
The end-user's Tumblr username |
No * |
flickrUsername |
The end-user's Flickr username |
No * |
pinterestUsername |
The end-user's Pinterest username |
No * |
authorId |
The client-controlled user identifier for Conversations submission. Also known as an "external ID". This identifier must be unique across all clients specified in the request. |
No * |
phoneNumber |
The end-user's phoneNumber. Phone number should start with a '+' sign, followed by digits without any spaces or characters. It cannot contain more than 15 digits.
|
No * |
clientNames |
List of the client names to which the request is scoped. Defaults to the list of clients to which the requester has access. |
No |
* At least one identifier must be included in the POST request.
Response body
Response will be a JSON object. The following demonstrates a typical response with a PENDING status:
{
"id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
"status": "PENDING",
"submissionTime": "2018-05-04T18:18:45.009Z",
"clientNames": [
"Client-DE_DE",
"Client-EN_GB"
],
"emailAddress": "some.email@example.com"
}
Key/value pairs that are not applicable in all context (i.e. ‘completionTime’ for pending requests) are not returned. The downloadUrl and dataFound key/value pairs are only present when the status is COMPLETED.
Retrieving right to be forgotten status
For a forgetRequests resource, check the status.
Single request
A request can be scoped to a specific resource by using that resource's ID.
GET https://[stg.]api.bazaarvoice.com/privacy/v1/forgetRequests/{id}?passkey={PRIVACY_API_PASSKEY} HTTP/1.1
Authorization: Bearer {ACCESS_TOKEN}
…
Ellipses (…) in above example indicate that your app may generate other headers.
Parameters
| Name | Description | Required |
|---|---|---|
Path |
||
id |
ID created for a given submission request. |
Yes |
QueryString |
||
passkey |
Privacy API passkey. |
Yes |
Header |
||
Authorization |
The Authorization value will consist of the string |
Yes |
Response body
The following demonstrates a typical response in the PENDING state:
{
"id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
"status": "PENDING",
"submissionTime": "2018-04-19T14:15:40Z",
"dataType": "PROCESSED_DATA",
"clientNames": [
"Client-DE_DE",
"Client-EN_GB"
],
"authorId": "12345678"
}
The following demonstrates a typical response with the status of COMPLETED:
{
"id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
"status": "COMPLETED",
"submissionTime": "2018-05-04T18:18:45.009Z",
"clientNames": [
"Client-DE_DE",
"Client-EN_GB"
],
"emailAddress": "some.email@example.com",
"dataFound": true,
"completionTime":"2018-05-05T10:11:01.006Z"
}
Many Requests
The following example returns a paginated collection of all available forgetRequests resources available to the user identified by the Authorization header. This supports various query string parameters which are described below.
GET https://[stg.]api.bazaarvoice.com/privacy/v1/forgetRequests/?passkey={PRIVACY_API_PASSKEY} HTTP/1.1
Authorization: Bearer {ACCESS_TOKEN}
…
Ellipses (…) in above example indicate that your app may generate other headers.
Parameters
| Name | Description | Required |
|---|---|---|
QueryString |
||
passkey |
Privacy API passkey |
Yes |
Header |
||
Authorization |
The Authorization value will consist of the string |
Yes |
Identifiers
There is the notion of an identifier. These values identify an end-user on various social platforms including Bazaarvoice. Only one identifier can be used in the querystring filter. For instance, ?emailAddress=test@test.com&pinterestUsername=catlover is not available. The following are the available identifiers:
emailAddress |
instagramUsername |
vimeoUsername |
pinterestUsername |
facebookUsername |
youtubeChannelId |
tumblrUsername |
authorId |
twitterUsername |
youtubeUsername |
flickrUsername |
phoneNumber |
Query String Filters
| Name | Description |
|---|---|
'identifier' |
See discussion above. |
clientName |
Available client instance names |
completedAfter |
Date in ISO format yyyy-mm-ddThh:mm:ss:SSSZ 2018-05-04T18:18:45.009Z |
submittedAfter |
Date in ISO format yyyy-mm-ddThh:mm:ss:SSSZ 2018-05-04T18:18:45.009Z |
status |
Available values: 'PENDING', 'COMPLETED' |
limit |
The maximum number of requests to return. If no limit is specified the default is 100 |
Response body
Response order will be status followed by timestamp. Requests with a PENDING status will be returned first. The secondary sort for pending requests is submissionTime descending. Requests with a status of COMPLETED will use completionTime as the secondary sort descending.
Time is in the ISO format yyyy-mm-ddThh:mm:ss:SSSZ (2018-05-04T18:18:45.009Z)
When the response elements exceed the limit querystring parameter, a nextToken key/value pair is returned that can be used to obtain the subsequent requests. To get the next page, users must specify the nextToken with the same query parameters. On the final page, the nextToken will be null. "nextToken": null
The following demonstrates a typical response:
{
"requests": [
{
"id": "a4bd736d-a9ad-47d2-b145-27978737aac8",
"status": "PENDING",
"submissionTime": "2018-05-04T18:18:45.009Z",
…
},
{
"id": "26bac6d9-df55-4685-986b-8c82f36612f9",
"status": "PENDING",
"submissionTime": "2018-05-04T18:18:45.009Z",
…
},
{
"id": "4c4e2af5-387d-4de3-8704-d78c634ddf94",
"status": "COMPLETED",
"submissionTime": "2018-05-04T18:18:45.009Z",
"completionTime": "2018-05-04T19:11:15.009Z",
"dataFound": true,
…
},
{
"id": "65f3a8c8-7c14-4c13-900d-f817fd650657",
"status": "COMPLETED",
"submissionTime": "2018-05-04T18:18:45.009Z",
"completionTime": "2018-05-04T19:11:15.009Z",
"dataFound": false,
…
},
…
],
"nextToken": "ISbvurTgnp2HSNAfyhGYn4kKSk7vQrU3g02CB6u6MTNCjuQ="
}
Errors
Please see Troubleshooting for a detailed description and solution for Privacy API errors.