Data Subject Request API Version 1 and 2
Data Subject Request API Version 3
Platform API Overview
Accounts
Apps
Audiences
Calculated Attributes
Data Points
Feeds
Field Transformations
Services
Users
Workspaces
Warehouse Sync API Overview
Warehouse Sync API Tutorial
Warehouse Sync API Reference
Data Mapping
Warehouse Sync SQL Reference
Warehouse Sync Troubleshooting Guide
ComposeID
Warehouse Sync API v2 Migration
Bulk Profile Deletion API Reference
Calculated Attributes Seeding API
Custom Access Roles API
Data Planning API
Group Identity API Reference
Pixel Service
Profile API
Events API
mParticle JSON Schema Reference
IDSync
AMP SDK
Initialization
Configuration
Network Security Configuration
Event Tracking
User Attributes
IDSync
Screen Events
Commerce Events
Location Tracking
Media
Kits
Application State and Session Management
Data Privacy Controls
Error Tracking
Opt Out
Push Notifications
WebView Integration
Logger
Preventing Blocked HTTP Traffic with CNAME
Linting Data Plans
Troubleshooting the Android SDK
API Reference
Upgrade to Version 5
Cordova Plugin
Identity
Direct URL Routing FAQ
Web
Android
iOS
Getting Started
Identity
Initialization
Configuration
Event Tracking
User Attributes
IDSync
Screen Tracking
Commerce Events
Location Tracking
Media
Kits
Application State and Session Management
Data Privacy Controls
Error Tracking
Opt Out
Push Notifications
Webview Integration
Upload Frequency
App Extensions
Preventing Blocked HTTP Traffic with CNAME
Linting Data Plans
Troubleshooting iOS SDK
Social Networks
iOS 14 Guide
iOS 15 FAQ
iOS 16 FAQ
iOS 17 FAQ
iOS 18 FAQ
API Reference
Upgrade to Version 7
Upload Frequency
Getting Started
Opt Out
Initialize the SDK
Event Tracking
Commerce Tracking
Error Tracking
Screen Tracking
Identity
Location Tracking
Session Management
Initialization
Content Security Policy
Configuration
Event Tracking
User Attributes
IDSync
Page View Tracking
Commerce Events
Location Tracking
Media
Kits
Application State and Session Management
Data Privacy Controls
Error Tracking
Opt Out
Custom Logger
Persistence
Native Web Views
Self-Hosting
Multiple Instances
Web SDK via Google Tag Manager
Preventing Blocked HTTP Traffic with CNAME
Facebook Instant Articles
Troubleshooting the Web SDK
Browser Compatibility
Linting Data Plans
API Reference
Upgrade to Version 2 of the SDK
Getting Started
Identity
Web
Alexa
Node SDK
Go SDK
Python SDK
Ruby SDK
Java SDK
Overview
Step 1. Create an input
Step 2. Verify your input
Step 3. Set up your output
Step 4. Create a connection
Step 5. Verify your connection
Step 6. Track events
Step 7. Track user data
Step 8. Create a data plan
Step 9. Test your local app
Overview
Step 1. Create an input
Step 2. Verify your input
Step 3. Set up your output
Step 4. Create a connection
Step 5. Verify your connection
Step 6. Track events
Step 7. Track user data
Step 8. Create a data plan
Step 1. Create an input
Step 2. Create an output
Step 3. Verify output
Introduction
Outbound Integrations
Firehose Java SDK
Inbound Integrations
Data Hosting Locations
Compose ID
Glossary
Migrate from Segment to mParticle
Migrate from Segment to Client-side mParticle
Migrate from Segment to Server-side mParticle
Segment-to-mParticle Migration Reference
Rules Developer Guide
API Credential Management
The Developer's Guided Journey to mParticle
Create an Input
Start capturing data
Connect an Event Output
Create an Audience
Connect an Audience Output
Transform and Enhance Your Data
The new mParticle Experience
The Overview Map
Introduction
Data Retention
Connections
Activity
Live Stream
Data Filter
Rules
Tiered Events
mParticle Users and Roles
Analytics Free Trial
Troubleshooting mParticle
Usage metering for value-based pricing (VBP)
Introduction
Sync and Activate Analytics User Segments in mParticle
User Segment Activation
Welcome Page Announcements
Project Settings
Roles and Teammates
Organization Settings
Global Project Filters
Portfolio Analytics
Analytics Data Manager Overview
Events
Event Properties
User Properties
Revenue Mapping
Export Data
UTM Guide
Data Dictionary
Query Builder Overview
Modify Filters With And/Or Clauses
Query-time Sampling
Query Notes
Filter Where Clauses
Event vs. User Properties
Group By Clauses
Annotations
Cross-tool Compatibility
Apply All for Filter Where Clauses
Date Range and Time Settings Overview
Understanding the Screen View Event
Analyses Introduction
Getting Started
Visualization Options
For Clauses
Date Range and Time Settings
Calculator
Numerical Settings
Assisted Analysis
Properties Explorer
Frequency in Segmentation
Trends in Segmentation
Did [not] Perform Clauses
Cumulative vs. Non-Cumulative Analysis in Segmentation
Total Count of vs. Users Who Performed
Save Your Segmentation Analysis
Export Results in Segmentation
Explore Users from Segmentation
Getting Started with Funnels
Group By Settings
Conversion Window
Tracking Properties
Date Range and Time Settings
Visualization Options
Interpreting a Funnel Analysis
Group By
Filters
Conversion over Time
Conversion Order
Trends
Funnel Direction
Multi-path Funnels
Analyze as Cohort from Funnel
Save a Funnel Analysis
Explore Users from a Funnel
Export Results from a Funnel
Saved Analyses
Manage Analyses in Dashboards
Dashboards––Getting Started
Manage Dashboards
Organize Dashboards
Dashboard Filters
Scheduled Reports
Favorites
Time and Interval Settings in Dashboards
Query Notes in Dashboards
User Aliasing
The Demo Environment
Keyboard Shortcuts
Analytics for Marketers
Analytics for Product Managers
Compare Conversion Across Acquisition Sources
Analyze Product Feature Usage
Identify Points of User Friction
Time-based Subscription Analysis
Dashboard Tips and Tricks
Understand Product Stickiness
Optimize User Flow with A/B Testing
User Segments
IDSync Overview
Use Cases for IDSync
Components of IDSync
Store and Organize User Data
Identify Users
Default IDSync Configuration
Profile Conversion Strategy
Profile Link Strategy
Profile Isolation Strategy
Best Match Strategy
Aliasing
Overview
Create and Manage Group Definitions
Introduction
Catalog
Live Stream
Data Plans
Blocked Data Backfill Guide
Predictive Attributes Overview
Create Predictive Attributes
Assess and Troubleshoot Predictions
Use Predictive Attributes in Campaigns
Predictive Audiences Overview
Using Predictive Audiences
Introduction
Profiles
Warehouse Sync
Data Privacy Controls
Data Subject Requests
Default Service Limits
Feeds
Cross-Account Audience Sharing
Approved Sub-Processors
Import Data with CSV Files
CSV File Reference
Glossary
Video Index
Single Sign-On (SSO)
Setup Examples
Introduction
Introduction
Introduction
Rudderstack
Google Tag Manager
Segment
Advanced Data Warehouse Settings
AWS Kinesis (Snowplow)
AWS Redshift (Define Your Own Schema)
AWS S3 Integration (Define Your Own Schema)
AWS S3 (Snowplow Schema)
BigQuery (Snowplow Schema)
BigQuery Firebase Schema
BigQuery (Define Your Own Schema)
GCP BigQuery Export
Snowflake (Snowplow Schema)
Snowplow Schema Overview
Snowflake (Define Your Own Schema)
Aliasing
This is reference documentation for mParticle’s API for receiving and managing data subject requests (DSRs) for GDPR and CCPA compliance. To learn more about what this API is used for, see our Data Subject Requests Guide.
This API is our instance of the OpenDSR framework, formerly known as OpenGDPR.
See the Default Service Limits for information about API rate limits.
There are two versions of this API that we support:
Version | Framework | API Endpoint |
---|---|---|
1.0 | OpenGDPR | https://opengdpr.mparticle.com/v1 |
2.0 | OpenDSR | https://opendsr.mparticle.com/v2 |
This is noted in the two endpoints supported below, and in the api_version
field in many of the resources below.
Version 2.0 made the following changes:
regulation
with values of ccpa
or gdpr
/opengdpr_requests
to /requests
2.0
opengdpr
-> opendsr
If you are live on version 1, you do not need to upgrade to version 2, unless you want some of the changes noted above. Version 1 can be used for both GDPR and CCPA, though the requests are not explicitly marked as such. Version 1 will not be deprecated.
The current (v2) mParticle OpenDSR endpoint is available at:
https://opendsr.mparticle.com/v2
We also support our prior version (v1), called OpenGDPR, at:
https://opengdpr.mparticle.com/v1
The HTTP APIs are secured via basic authentication. Credentials are issued at the level of an mParticle Workspace. You can obtain credentials for your Workspace from the Workspace Settings screen. Note that this authentication is for a single workspace and scopes the DSR to this workspace only.
To view workspace credentials:
You can authenticate in 2 ways:
Manually set the authentication
header by encoding your key and secret together:
2.1 Concatenate your application key and secret together with a colon (:) separating the two:
example-api-key:example-api-secret
2.2 Base64 with UTF-8 encode the result:
ZXhhbXBsZS1hcGkta2V5OmV4YW1wbGUtYXBpLXNlY3JldA==
2.3 Prefix the encoded string with the authorization method, including a space:
Basic ZXhhbXBsZS1hcGkta2V5OmV4YW1wbGUtYXBpLXNlY3JldA==
2.4 Set resulting string as the Authorization
header in your HTTP requests:
Authorization: Basic ZXhhbXBsZS1hcGkta2V5OmV4YW1wbGUtYXBpLXNlY3JldA==
The primary resource is the request
object:
Resource | Route | Notes |
---|---|---|
request |
/requests |
Used to encapsulate the DSR. In v1: /opengdpr_requests . |
discovery |
/discovery |
Used only to programmatically report API functionality. |
A request in the OpenDSR format communicates a Data Subject’s wish to access or erase their data. The OpenDSR Request takes a JSON request body and requires a Content-Type: application/json
header:
POST https://opendsr.mparticle.com/v2/requests/
Content-Type: application/json
Authorization: Basic <your-token-here>
{
"regulation": "gdpr",
"subject_request_id": "a7551968-d5d6-44b2-9831-815ac9017798",
"subject_request_type": "erasure",
"submitted_time": "2018-10-02T15:00:00Z",
"subject_identities":
[
{
"identity_type": "email",
"identity_value": "johndoe@example.com",
"identity_format": "raw"
}
],
"api_version": "2.0",
"status_callback_urls":
[
"https://exampleurl.com/opendsr/callbacks"
],
"extensions":
{
"opendsr.mparticle.com":
{
"mpids":
[
1234567890,
5678901234
],
"identities":
[
{
"identity_type": "other1",
"identity_value": "test@test1.com"
}
]
}
}
}
Field Name | Data Type | Required | Description |
---|---|---|---|
regulation |
string | Required | The regulation this DSR falls under, either gdpr or ccpa . Version 2 only. |
subject_request_id |
UUID v4 string | Required | A unique identifier for the request provided by the controller. |
subject_request_type |
string | Required | The type of request. Supported values are access , portability and erasure . |
submitted_time |
ISO 8601 date string | Required | The time the Data Subject originally submitted the request. |
subject_identities |
array | Required unless an extensions field is included |
See below for details |
api_version |
string | Optional | The API Version your request uses. Valid values are: 2.0 (current for the openDSR endpoint) and 1.0 (legacy, for OpenGDPR endpoint). |
status_callback_urls |
Array | Optional | Array of URLs for a callback post to be made on completion of the request |
extensions |
array | Optional | Contains processor-specific extensions. For mParticle, use the extension ["opendsr.mparticle.com"] . See below for supported identity types. |
subject_identities
objectThis object encapsulates the identities for this data subject request. For each identity included in an OpenDSR request, three fields are required.
Field Name | Data Type | Description |
---|---|---|
identity_type |
string | The type of identity, see below for supported identity types. |
identity_value |
string | The identity value. |
identity_format |
string | The encoding format of the identity value. For mParticle, this will always be raw . |
While the OpenDSR framework allows for hashed IDs, and requires an identity_format
field, mParticle only supports sending raw
IDs.
mParticle Identity/Device Type | API Format / OpenDSR | Notes |
---|---|---|
MPID |
mpid |
With the ‘opendsr.mparticle.com’ extension. |
customer_id |
controller_customer_id |
- |
email |
email |
- |
android_advertising_id |
android_advertising_id |
- |
android_uuid |
android_id |
- |
fire_advertising_id |
fire_advertising_id |
- |
ios_advertising_id |
ios_advertising_id |
- |
ios_idfv |
ios_vendor_id |
- |
microsoft_advertising_id |
microsoft_advertising_id |
- |
microsoft_publisher_id |
microsoft_publisher_id |
- |
roku_advertising_id |
roku_advertising_id |
- |
roku_publishing_id |
roku_publishing_id |
- |
other |
other |
With the ‘opendsr.mparticle.com’ extension. |
other2 |
other2 |
With the ‘opendsr.mparticle.com’ extension. |
other3 |
other3 |
With the ‘opendsr.mparticle.com’ extension. |
other4 |
other4 |
With the ‘opendsr.mparticle.com’ extension. |
other5 |
other5 |
With the ‘opendsr.mparticle.com’ extension. |
other6 |
other6 |
With the ‘opendsr.mparticle.com’ extension. |
other7 |
other7 |
With the ‘opendsr.mparticle.com’ extension. |
other8 |
other8 |
With the ‘opendsr.mparticle.com’ extension. |
other9 |
other9 |
With the ‘opendsr.mparticle.com’ extension. |
other10 |
other10 |
With the ‘opendsr.mparticle.com’ extension. |
mobile_number |
mobile_number |
With the ‘opendsr.mparticle.com’ extension. |
phone_number_2 |
phone_number_2 |
With the ‘opendsr.mparticle.com’ extension. |
phone_number_3 |
phone_number_3 |
With the ‘opendsr.mparticle.com’ extension. |
HTTP/1.1 201 Created
Content Type: application/json
X-OpenDSR-Processor-Domain: opendsr.mparticle.com
X-OpenDSR-Signature:
kiGlog3PdQx+FQmB8wYwFC1fekbJG7Dm9WdqgmXc9uKkFRSM4uPzylLi7j083461xLZ+mUloo3tpsmyI
Zpt5eMfgo7ejXPh6lqB4ZgCnN6+1b6Q3NoNcn/+11UOrvmDj772wvg6uIAFzsSVSjMQxRs8LAmHqFO4c
F2pbuoPuK2diHOixxLj6+t97q0nZM7u3wmgkwF9EHIo3C6G1SI04/odvyY/VdMZgj3H1fLnz+X5rc42/
wU4974u3iBrKgUnv0fcB4YB+L6Q3GsMbmYzuAbe0HpVA17ud/bVoyQZAkrW2yoSy1x4Ts6XKba6pLifI
Hf446Bubsf5r7x1kg6Eo7B8zur666NyWOYrglkOzU4IYO8ifJFRZZXazOgk7ggn9obEd78GBc3kjKKZd
waCrLx7WV5y9TMDCf+2FILOJM/MwTUy1dLZiaFHhGdzld2AjbjK1CfVzyPssch0iQYYtbR49GhumvkYl
11S4oDfu0c3t/xUCZWg0hoR3XL3B7NjcrlrQinB1KbyTNZccKR0F4Lk9fDgwTVkrAg152UqPyzXxpdzX
jfkDkSEgAevXQwVJWBNf18bMIEgdH2usF/XauQoyrne7rcMIWBISPgtBPj3mhcrwscjGVsxqJva8KCVC
KD/4Axmo9DISib5/7A6uczJxQG2Bcrdj++vQqK2succ=
{
"expected_completion_time":"2018-11-01T15:00:01Z",
"received_time":"2018 10 02T15:00:01Z",
"encoded_request":"<BASE64 ENCODED REQUEST>",
"subject_request_id":"a7551968-d5d6-44b2-9831-815ac9017798",
"controller_id": "3622"
}
GET /requests/{RequestID}
{
"controller_id": "3622",
"expected_completion_time": "2018-05-07T20:53:48.322652",
"subject_request_id": "a7551968-d5d6-44b2-9831-815ac9017798",
"group_id": null,
"request_status": "pending",
"api_version": "2.0",
"results_url": null,
"extensions": null
}
Field Name | Data Type | Description |
---|---|---|
controller_id |
string | A unique ID representing the data controller. |
expected_completion_time |
ISO 8601 date string | The estimated time by which the request will be fulfilled. |
subject_request_id |
UUID v4 string | The controller-provided identifier of the request in a GUID v4 format. |
group_id |
string | The group_id can be used to relate different subject requests together. The maximum number of requests that can be associated to a group_id is 150. Groups are scoped to the workspace. |
request_status |
string | The status of the request. Possible values are pending , in_progress , completed and cancelled . |
api_version |
string | The API version for this request. The current version is “2.0”. |
results_url |
string | For Access/Portability requests, a download link to the request results data. This field contains null unless the request is complete. After a request completes, the results_url is valid for 7 days. After that time, attempting to access this URL results in a 410 Gone HTTP response. If no records can be found matching the identities in the request, a request returns a 404 error. |
extensions |
array | Extensions related to DSR forwarding. |
GET /requests?group_id={my-group}
The response is a collection of DSR subject requests tha match the group_id.
[
{
"controller_id": "3622",
"expected_completion_time": "2021-09-07T10:00:00.322652",
"subject_request_id": "a7551968-d5d6-44b2-9831-815ac9017798",
"group_id": "my-group",
"request_status": "pending",
"api_version": "2.0",
"results_url": null,
"extensions": null
},
{
"controller_id": "3622",
"expected_completion_time": "2021-09-06T10:15:00.259842",
"subject_request_id": "cab0a1fc-cfcd-475a-a2a5-e93eb060332f",
"group_id": "my-group",
"request_status": "pending",
"api_version": "2.0",
"results_url": null,
"extensions": null
}
]
DELETE /requests/{RequestID}
Cancels a request. This can only be done if the status of the request is pending
.
{
"expected_completion_time": null,
"received_time": "2018-05-16T17:35:58.3631375Z",
"subject_request_id": "a7551968-d5d6-44b2-9831-815ac9017798",
"controller_id": "3622"
}
Field Name | Data Type | Description |
---|---|---|
expected_completion_time |
ISO 8601 date string | The estimated time by which the request will be fulfilled. For a cancelled request, this will be null . |
received_time |
ISO 8601 date string | The time at which the cancellation request was received. |
subject_request_id |
string | The controller-provided identifier of the request. |
controller_id |
string | A unique ID representing the data controller. |
GET /discovery/
The discovery endpoint allows you to programmatically check the request types and identity types supported by an OpenDSR provider.
{
"api_version": "2.0",
"supported_identities": [
{
"identity_type": "android_advertising_id",
"identity_format": "raw"
},
{
"identity_type": "android_id",
"identity_format": "raw"
},
{
"identity_type": "controller_customer_id",
"identity_format": "raw"
},
{
"identity_type": "email",
"identity_format": "raw"
},
{
"identity_type": "fire_advertising_id",
"identity_format": "raw"
},
{
"identity_type": "ios_advertising_id",
"identity_format": "raw"
},
{
"identity_type": "ios_vendor_id",
"identity_format": "raw"
},
{
"identity_type": "microsoft_advertising_id",
"identity_format": "raw"
},
{
"identity_type": "microsoft_publisher_id",
"identity_format": "raw"
},
{
"identity_type": "roku_advertising_id",
"identity_format": "raw"
},
{
"identity_type": "roku_publisher_id",
"identity_format": "raw"
}
],
"supported_subject_request_types": [
"access",
"erasure",
"portability"
],
"processor_certificate": "https://static.mparticle.com/dsr/opendsr_cert.pem"
}
In v1, the certificate is available at: https://static.mparticle.com/gdpr/opengdpr_cert.pem
In v2, the certificate is available at: https://static.mparticle.com/dsr/opendsr_cert.pem
When a request changes status - including when a request is first created - mParticle sends a callback POST to all URLs specified in the status_callback_urls
array of the request. Callbacks are not sent in realtime but are queued and sent every 15 minutes.
Callback requests are signed and issued over TLS. You must validate the authenticity of the request before parsing the request body.
X-OpenDSR-Processor-Domain
header value is in your whitelist, fetch the certificate. The certificate URL is available as the value of "processor_certificate"
in the /discovery
response body. The certificate can be cached for the lifetime of the certificate.Validate the certificate. This should be handled by a library. Certificate validation should confirm that:
X-OpenDSR-Processor-Domain
header value.X-OpenDSR-Signature
header against the raw request body. mParticle uses SHA256 RSA as a signing algorithm.202 Accepted
status header if all validations are successful. Return a response with a 401 Unauthorized
status header if the signature fails to validate or the processor domain is not in your whitelist.In version 1, these headers are:
X-OpenGDPR-Processor-Domain
X-OpenGDPR-Signature
POST /opendsr/callbacks HTTP/1.1
Host: opendsr.mparticle.com
Content Type: application/json
X-OpenDSR-Processor-Domain: opendsr.mparticle.com
X-OpenDSR-Signature:
P7f3LwgHVcDt8/26hziIGx56oVWGonkt6od7AY1VQBLsnIeh0K/z55GDmlrB7rbfd05RGUqqgjw4tekA3gjmABSwzEUFNAuAE2KNgNHcxzxzHBb9b0Nc/PBUAVKXHgY2Q6c7W0XKMOF5dLO67HUimtl2lJPZ10Y26uEd1ePkcUc5B/4likkd+kQQq7X6S6+GD20S1211NQ5+Xqk1WG2yxUryTHhovEblAuirOI4S/q03k5cmy0r0RuGzku0gNF5lMHJC6uRNXXisldcFpPJwTCGzJBbvkGCBmKPKfKV7cETFEayygi6GshimVnnQOsa4owvkWvze3ACd5DcNCfPrYw==
{
"controller_id":"4308",
"expected_completion_time":"2018-05-31T16:27:28.679094",
"subject_request_id":"372fcd8b-d723-452e-ac60-36bd17372321",
"request_status":"pending",
"api_version":"2.0",
"results_url":null,
"extensions": null
}
The following errors may be returned by the API with additional details as shown.
{
"code": 400,
"message": "Subject request already exists.",
"errors": [
{
"domain": "Validation",
"reason": "InvalidOperationException",
"message": "Subject request already exists."
}
]
}
Status Code | Retriable | Message |
---|---|---|
400 | No | Invalid data was detected |
400 | No | Subject request already exists |
401 | No | The credentials provided in the request are not valid. Check the credentials used to authenticate.. |
404 | No | The specified subject request id could not be found. For Portability/Access requests, if no records can be found matching the identities in the request, a request to the download link to the request results will also return this error. |
409 | No | There is an in progress request with the same identities, extensions and type. |
429 | Yes | Too many requests have been submitted. The Retry-After header indicates how long to wait before retrying again. Learn more about API throttling in Default Service Limits. |
5xx | Yes | A server-side error has occured, please try your request again. |
Was this page helpful?