-
Notifications
You must be signed in to change notification settings - Fork 133
/
Copy pathVTEX - Data Subject Rights.json
222 lines (221 loc) · 16.2 KB
/
VTEX - Data Subject Rights.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
{
"openapi": "3.0.0",
"info": {
"title": "Data Subject Rights API - PII data architecture",
"description": ">❗ This API is currently in closed alpha testing stage, which means that only specific customers can access it now. Do not share this documentation with people outside of your company. If you do not have access yet, please refer to the [Erasing customer data](https://help.vtex.com/en/tutorial/erasing-customer-data--1R9Fn7A06Ifj4R9YD4JTKU) guide instead.\r\n\r\n>⚠️ The **Data Subject Rights API - PII data architecture** is only compatible with stores using the PII data architecture from [Data Protection Plus](https://developers.vtex.com/docs/guides/data-protection-plus), which is in closed beta phase, only available in select regions.\r\n>\r\n> This feature is part of [VTEX Shield](https://help.vtex.com/en/tutorial/vtex-shield--2CVk6H9eY2CBtHjtDI7BFh). If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact [Commercial Support](https://help.vtex.com/en/tracks/support-at-vtex--4AXsGdGHqExp9ZkiNq9eMy/3KQWGgkPOwbFTPfBxL7YwZ). Additional fees may apply. If you are not yet a customer but are interested in this solution, please complete our [contact form](https://vtex.com/us-en/contact/).\r\n\r\nAccording to data protection policies, such as [GDPR and LGPD](https://vtex.com/us-en/privacy-and-agreements/vtex-commitment/), companies using customer personal data are required to delete collected information upon the customer's request.\r\n\r\nData Subject Rights API allows stores using the [PII data architecture](https://developers.vtex.com/docs/guides/pii-data-architecture-specifications) from [Data Protection Plus](https://developers.vtex.com/docs/guides/data-protection-plus) to erase user data collected by Checkout, Orders, VTEX ID and Profile System, without depending on the VTEX Support flow described in the [Erasing customer data](https://help.vtex.com/en/tutorial/erasing-customer-data--1R9Fn7A06Ifj4R9YD4JTKU) guide.\r\n\r\n## Index\r\n\r\n- `POST` [Erase customer data](https://developers.vtex.com/docs/api-reference/user-data-rights-api#post-/api/user-rights/createAndProcessDeleteUserData)",
"version": "1.0"
},
"servers": [
{
"url": "http://api.vtex.com",
"description": "VTEX server URL."
}
],
"paths": {
"/api/user-rights/createAndProcessDeleteUserData": {
"post": {
"tags": [
"Data Subject Rights"
],
"summary": "Erase customer data",
"description": "Deletes a given customer's data collected in your store by Checkout, Orders, VTEX ID and Profile System.\r\n\r\n> Only orders with `invoiced` or `canceled` status are erased in this request.\r\n\r\n>❗ This API is currently in closed alpha testing stage, which means that only specific customers can access it now. Do not share this documentation with people outside of your company. If you do not have access yet, please refer to the [Erasing customer data](https://help.vtex.com/en/tutorial/erasing-customer-data--1R9Fn7A06Ifj4R9YD4JTKU) guide instead.\r\n\r\n>⚠️ This endpoint is only compatible with stores using the PII data architecture from [Data Protection Plus](https://developers.vtex.com/docs/guides/data-protection-plus), which is in closed beta phase, only available in select regions.\r\n>\r\n> This feature is part of [VTEX Shield](https://help.vtex.com/en/tutorial/vtex-shield--2CVk6H9eY2CBtHjtDI7BFh). If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact [Commercial Support](https://help.vtex.com/en/tracks/support-at-vtex--4AXsGdGHqExp9ZkiNq9eMy/3KQWGgkPOwbFTPfBxL7YwZ). Additional fees may apply. If you are not yet a customer but are interested in this solution, please complete our [contact form](https://vtex.com/us-en/contact/).\r\n\r\n## Permissions\r\n\r\nAny user or [application key](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys) must have at least one of the appropriate [License Manager resources](https://help.vtex.com/en/tutorial/license-manager-resources--3q6ztrC8YynQf6rdc6euk3) to be able to successfully run this request. Otherwise they will receive a status code `403` error. These are the applicable resources for this endpoint:\r\n\r\n| **Product** | **Category** | **Resource** |\r\n| --------------- | ----------------- | ----------------- |\r\n| User Rights | user-rights-request | **Write user rights requests** |\r\n\r\nThere are no applicable [predefined roles](https://help.vtex.com/en/tutorial/predefined-roles--jGDurZKJHvHJS13LnO7Dy) for this resource list. You must [create a custom role](https://help.vtex.com/en/tutorial/roles--7HKK5Uau2H6wxE1rH5oRbc#creating-a-role) and add at least one of the resources above in order to use this endpoint. To learn more about machine authentication at VTEX, see [Authentication overview](https://developers.vtex.com/docs/guides/authentication).\r\n\r\n>\u2757 To prevent integrations from having excessive permissions, consider the [best practices for managing app keys](https://help.vtex.com/en/tutorial/best-practices-application-keys--7b6nD1VMHa49aI5brlOvJm) when assigning License Manager roles to integrations.",
"parameters": [
{
"$ref": "#/components/parameters/Content-Type"
},
{
"$ref": "#/components/parameters/Accept"
},
{
"$ref": "#/components/parameters/an"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"email": {
"type": "string",
"description": "Email of the client whose data will be deleted.",
"example": "john@mail.com"
}
}
}
}
}
},
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"uuid": {
"type": "string",
"description": "User data rights request unique identifier in [UUID](https://www.uuidtools.com/what-is-uuid) format."
},
"requestType": {
"type": "string",
"description": "Type of user data rights request."
},
"email": {
"type": "string",
"description": "Client email."
},
"status": {
"type": "string",
"description": "Status of the user data rights request."
},
"dataResponse": {
"type": "string",
"description": "Escaped JSON containing information about the status of data deletion on each VTEX system that stores client data."
},
"requestTime": {
"type": "string",
"description": "Date of the user data rights request in [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html)format."
},
"applications": {
"type": "array",
"description": "Array containing an object for each VTEX application that stores client data.",
"items": {
"type": "object",
"description": "Object containing information about user data status in each VTEX application that stores client data.",
"properties": {
"application": {
"type": "string",
"description": "Abbreviated name of the application, which can be `chk` (Checkout), `orders` (Order Management System), `profileSystemV2` (PII Profile System) or `vid` (VTEX ID)."
},
"status": {
"type": "string",
"description": "Status of client data in the given application. The possible values are:\n\r- `Completed` - Processing completed successfully.\n\r- `Error` - An unexpected error occurred during the process. You must make a new request.\n\r- `PendingCheck` - Pending validation. Unable to perform validation on one or more services.\n\r- `Blocked` - Pending validation. One or more services are unable to fulfill the deletion request. You need to wait and make a new request in the future.\n\r- `PendingDeletion` - It was not possible to delete data in one or more services. You must make a new request."
},
"errorDetail": {
"type": "string",
"description": "In case of error, this field contains an explanatory error message. Otherwise, this field is an empty string."
},
"updateAt": {
"type": "string",
"description": "Date of the latest update in client data in the given application, in UTC format."
}
}
}
}
}
},
"example": {
"uuid": "3e2f53dc-b099-4dc8-9727-581b2a97f39c",
"requestType": "Removal",
"email": "pedido2@vtexchallenge.com",
"status": "Completed",
"dataResponse": "{\r\n \"VTEX Checkout\": [],\r\n \"orders\": {\r\n \"dataStatus\": {\r\n \"status\": \"anonymized\",\r\n \"reason\": \"Sensitive information was anonymized rather than deleted to preserve the store metrics.\",\r\n \"evidence\": \"Anonymized [0] orders\",\r\n \"dryRun\": true\r\n },\r\n \"orders\": []\r\n },\r\n \"Profile System PII API\": {},\r\n \"VTEX ID\": {\r\n \"type\": \"https://tools.ietf.org/html/rfc7231#section-6.5.4\",\r\n \"title\": \"Not Found\",\r\n \"status\": 404,\r\n \"traceId\": \"00-65d5abf9263b07eb185beee49e2075dc-b67b373e2e93dcf8-00\"\r\n }\r\n}",
"requestTime": "2023-09-05T17:19:33.1969022-03:00",
"applications": [
{
"application": "chk",
"status": "Deleted",
"errorDetail": "",
"updateAt": "2023-09-05T20:20:23"
},
{
"application": "orders",
"status": "Deleted",
"errorDetail": "",
"updateAt": "2023-09-05T20:20:25"
},
{
"application": "profileSystemV2",
"status": "Deleted",
"errorDetail": "",
"updateAt": "2023-09-05T20:20:26"
},
{
"application": "vid",
"status": "Deleted",
"errorDetail": "",
"updateAt": "2023-09-05T20:20:29"
}
]
}
}
}
}
}
}
}
},
"components": {
"parameters": {
"Content-Type": {
"name": "Content-Type",
"in": "header",
"description": "Type of the content being sent.",
"required": true,
"style": "simple",
"schema": {
"type": "string",
"example": "application/json"
}
},
"Accept": {
"name": "Accept",
"in": "header",
"description": "HTTP Client Negotiation _Accept_ Header. Indicates the types of responses the client can understand.",
"required": true,
"style": "simple",
"schema": {
"type": "string",
"example": "application/json"
}
},
"an": {
"name": "an",
"in": "query",
"description": "Name of your VTEX account.",
"required": false,
"style": "form",
"schema": {
"type": "string",
"example": "mystore"
}
}
},
"securitySchemes": {
"appKey": {
"type": "apiKey",
"in": "header",
"name": "X-VTEX-API-AppKey",
"description": "Unique identifier of the [application key](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys)."
},
"appToken": {
"type": "apiKey",
"in": "header",
"name": "X-VTEX-API-AppToken",
"description": "Secret token of the [application key](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys)."
},
"VtexIdclientAutCookie": {
"type": "apiKey",
"in": "header",
"name": "VtexIdclientAutCookie",
"description": "[User token](https://developers.vtex.com/docs/guides/api-authentication-using-user-tokens), valid for 24 hours."
}
}
},
"tags": [
{
"name": "Data Subject Rights"
}
],
"security": [
{
"appKey": [],
"appToken": []
},
{
"VtexIdclientAutCookie": []
}
]
}