To purge GDPR records, Acquia recommends using the data erasure feature in the CDP user interface.

Prerequisites

Before you implement the API, review the data that you want to send to CDP, and compare it to what other systems send to CDP. All data sources can send data about any entity to CDP, without any notion of priority. For more information, see Customer Data Platform (CDP) entities. Therefore, the data sent in your API overwrites the previous data for the related entity if that entity existed prior to your API call. Also, the data sent in your API can later be overwritten by any other system in the same way.

To reiterate, the platform is flexible in what data can be accepted. Therefore, you must send data from sources that you trust, and ensure that you do not send overlapping data from other sources.

To make API calls to the CDP platform:

1. Obtain the bearer token through the authentication API.

2. Call the data erasure API using the bearer token as authorization. The following is the API call using cURL:

   copy

   <api-host> : <api6, api6.eu>
   <bearer token>: 9c64fffb-d610-47a9-9df5-a12d9e76c125
   <customer-IdN>: 2022-10-18 00:00:00 UTC
   curl 'https://<api-host>.agilone.com/v2/<tenantid>/dw/dataerasure' \
   -H 'Accept: application/json, text/plain, /' \
   -H 'Accept-Language: en-US,en;q=0.9' \
   -H 'Authorization: Bearer <bearer token>' \
   -H 'Cache-Control: no-cache' \
   -H 'Connection: keep-alive' \
   -H 'Content-Type: application/json' \
   -H 'Origin: https://<api-host>.agilone.com' \
   -H 'Pragma: no-cache' \
   -H 'Referrer: https://<api-host>.agilone.com/' \
   -H 'Sec-Fetch-Dest: empty' \
   -H 'Sec-Fetch-Mode: cors' \
   -H 'Sec-Fetch-Site: same-site' \
   --data-raw '{"customerIds":["<customerId-1>","<customerId-2>"],"requestedDate":"2022-10-18 00:00:00 UTC","reason":"CCPA","requestOrigin":"Data Erasure","tenantId":193}' \
   --compressed

Authentication API endpoint

https://<tokenManagementSubdomain>.agilone.com/token?action=create&
scheme=a1user

To purge GDPR records, Acquia recommends using the data erasure feature in the CDP user interface.

Prerequisites

Before you implement the API, review the data that you want to send to CDP, and compare it to what other systems send to CDP. All data sources can send data about any entity to CDP, without any notion of priority. For more information, see Customer Data Platform (CDP) entities. Therefore, the data sent in your API overwrites the previous data for the related entity if that entity existed prior to your API call. Also, the data sent in your API can later be overwritten by any other system in the same way.

To reiterate, the platform is flexible in what data can be accepted. Therefore, you must send data from sources that you trust, and ensure that you do not send overlapping data from other sources.

To make API calls to the CDP platform:

1. Obtain the bearer token through the authentication API.

2. Call the data erasure API using the bearer token as authorization. The following is the API call using cURL:

   copy

   <api-host> : <api6, api6.eu>
   <bearer token>: 9c64fffb-d610-47a9-9df5-a12d9e76c125
   <customer-IdN>: 2022-10-18 00:00:00 UTC
   curl 'https://<api-host>.agilone.com/v2/<tenantid>/dw/dataerasure' \
   -H 'Accept: application/json, text/plain, /' \
   -H 'Accept-Language: en-US,en;q=0.9' \
   -H 'Authorization: Bearer <bearer token>' \
   -H 'Cache-Control: no-cache' \
   -H 'Connection: keep-alive' \
   -H 'Content-Type: application/json' \
   -H 'Origin: https://<api-host>.agilone.com' \
   -H 'Pragma: no-cache' \
   -H 'Referrer: https://<api-host>.agilone.com/' \
   -H 'Sec-Fetch-Dest: empty' \
   -H 'Sec-Fetch-Mode: cors' \
   -H 'Sec-Fetch-Site: same-site' \
   --data-raw '{"customerIds":["<customerId-1>","<customerId-2>"],"requestedDate":"2022-10-18 00:00:00 UTC","reason":"CCPA","requestOrigin":"Data Erasure","tenantId":193}' \
   --compressed

Authentication API endpoint

https://<tokenManagementSubdomain>.agilone.com/token?action=create&
scheme=a1user

The following is the response of the authentication API endpoint:

{
 "access_token": "<access_token>",
 "token_type": "bearer",
 "expires_in": <time>,
 "user": {
   "tenantId": <tenantId>,
   "username": "<username>",
   "userType": "CLIENT",
   "passwordExpiryDate": "<passwordExpiryDate>"
  }
}

You need to get the access_token and use it in the subsequent API calls with the authorization header. For more information, see Authorization Header.

List of Authentication APIs

Endpoint and payloads

Base API endpoint

https://<environmentSubdomain>.agilone.com/v2/{tenantId}/dw/dataerasure

For example,

https://api6.agilone.com/v2/1234/dw/dataerasure

In the preceding API endpoint, subdomains differ per environment:

API query parameter

You can use the following optional query parameter with the API:

• failOnNotFound: Set this parameter to true to fail the API request if the customer Id is not found. The default value is false. With this parameter, the API endpoint becomes:

  copy

  https://<environmentSubdomain>.agilone.com/v2/{tenantId}/dw/dataerasure?failOnNotFound=<true or false>

Method

POST

Request parameters

To send data to CDP through the data erasure request API, you must set the HTTPS header: content-type to application/json.

You can send the following request parameters in the payload:

Authorization header

You must set the authentication header value to Bearer <access_token>.

Sample request body

{
  "reason": "<DataErasureReason>",
  "customerIds": [
    "<customerId1>",
    "<customerId2>",
    "<customerIdN>"
  ],
  "requestOrigin": "<requestOrigin>",
  "requestedDate": "yyyy-MM-dd HH:mm:ss z",
  “requestedBy” : “<FreeText-ActualRequester>”
}

For response parameters, see Payload and response code.