This APS type must be implemented by those APS applications that must be compliant with General Data Protection Regulation (GDPR) of the European Union (EU).
In this document:
The considered APS type (download
)
extends the Resource APS type(s) and looks as follows:
{
"name" : "GDPRSupport",
"id" : "http://www.odin.com/gdpr-support/1.0",
"apsVersion" : "2.0",
"implements" : [ "http://aps-standard.org/types/core/resource/1.0" ],
"operations" : {
"groups" : {
"path" : "/groups",
"verb" : "GET",
"response" : {
"type" : "array",
"items" : {
"type" : "Group"
}
},
"errorResponse" : {
"type" : "object"
},
"access" : {
"owner" : false,
"referrer" : true,
"global" : false
}
},
"accountInfo" : {
"path" : "/accountInfo",
"verb" : "GET",
"response" : {
"type" : "GDPRIdentity"
},
"errorResponse" : {
"type" : "object"
},
"access" : {
"owner" : false,
"referrer" : true,
"global" : false
},
"parameters" : {
"uuid" : {
"kind" : "query",
"type" : "string"
}
}
},
"userInfo" : {
"path" : "/userInfo",
"verb" : "GET",
"response" : {
"type" : "GDPRIdentity"
},
"errorResponse" : {
"type" : "object"
},
"access" : {
"owner" : false,
"referrer" : true,
"global" : false
},
"parameters" : {
"uuid" : {
"kind" : "query",
"type" : "string"
}
}
},
"canForgetAccount" : {
"path" : "/canForgetAccount",
"verb" : "GET",
"response" : {
"type" : "Result"
},
"errorResponse" : {
"type" : "object"
},
"access" : {
"owner" : false,
"referrer" : true,
"global" : false
},
"parameters" : {
"uuid" : {
"kind" : "query",
"type" : "string"
}
}
},
"canForgetUser" : {
"path" : "/canForgetUser",
"verb" : "GET",
"response" : {
"type" : "Result"
},
"errorResponse" : {
"type" : "object"
},
"access" : {
"owner" : false,
"referrer" : true,
"global" : false
},
"parameters" : {
"uuid" : {
"kind" : "query",
"type" : "string"
}
}
},
"forgetAccount" : {
"path" : "/forgetAccount",
"verb" : "POST",
"response" : {
"type" : "Result"
},
"errorResponse" : {
"type" : "object"
},
"access" : {
"owner" : false,
"referrer" : true,
"global" : false
},
"parameters" : {
"identity" : {
"kind" : "body",
"type" : "GDPRForgetIdentity",
"required" : true
}
}
},
"forgetUser" : {
"path" : "/forgetUser",
"verb" : "POST",
"response" : {
"type" : "Result"
},
"errorResponse" : {
"type" : "object"
},
"access" : {
"owner" : false,
"referrer" : true,
"global" : false
},
"parameters" : {
"identity" : {
"kind" : "body",
"type" : "GDPRForgetIdentity",
"required" : true
}
}
}
},
"structures" : {
"Group" : {
"type" : "object",
"properties" : {
"groupId" : {
"type" : "string"
},
"description" : {
"type" : "string"
},
"keys" : {
"type" : "array",
"items" : {
"type" : "Key"
}
}
}
},
"GDPRIdentity" : {
"type" : "object",
"properties" : {
"uuid" : {
"type" : "string"
},
"info" : {
"type" : "array",
"items" : {
"type" : "Info"
}
}
}
},
"GDPRForgetIdentity" : {
"type" : "object",
"properties" : {
"uuid" : {
"type" : "string"
},
"email" : {
"type" : "string"
},
"groupIds" : {
"type" : "array",
"items" : {
"type" : "string"
}
}
}
},
"Result" : {
"type" : "object",
"properties" : {
"status" : {
"type" : "boolean",
"required" : true
},
"message" : {
"type" : "string"
}
}
},
"Key" : {
"type" : "object",
"properties" : {
"keyId" : {
"type" : "string"
},
"keyDescription" : {
"type" : "string"
}
}
},
"Info" : {
"type" : "object",
"properties" : {
"groupId" : {
"type" : "string",
"required" : true
},
"key" : {
"type" : "string",
"required" : true
},
"value" : {
"type" : "string"
}
}
}
}
}
OPERATION | VERB | PATH | RETURNS | Description |
---|---|---|---|---|
groups | GET | /groups | Array of Group | The operation returns an array of personal data groups as classified by the application. |
accountInfo | GET | /accountInfo | GDPRIdentity | The operation receives the APS ID of a personal account and returns the related personal data stored by the application. |
userInfo | GET | /userInfo | GDPRIdentity | The operation receives the APS ID of a user and returns the related personal data stored by the application. |
canForgetAccount | GET | /canForgetAccount | Result | The operation confirms whether it can erase personal data of a specified personal account. |
canForgetUser | GET | /canForgetUser | Result | The operation confirms whether it can erase personal data of a specified user. |
forgetAccount | POST | /forgetAccount | Result | The operation must erase the requested groups of personal data related with a specified personal account. |
forgetUser | POST | /forgetUser | Result | The operation must erase the requested groups of personal data related with a specified user. |
HTTP Request
GET /aps/2/resources/{aps-id}/groups
Description
The operation returns an array of personal data groups as classified by the application. Every group is an object containing the group ID (string) and an array of keys. Every key declares a single personal data property that the application can store.
Returns
An array of Group.
HTTP Request
GET /aps/2/resources/{aps-id}/accountInfo?uuid={uuid}
Description
The operation receives the APS ID (UUID) of a personal account as a query string in the URL. It returns this APS ID along with an array of personal data of the required account. Every element of the array represents a property in the Info format.
Parameters
PARAMETER | TYPE | DESCRIPTION |
---|---|---|
uuid | String | APS ID of a personal account supplied as a query string in the URL. |
Returns
An object in the GDPRIdentity format.
HTTP Request
GET /aps/2/resources/{aps-id}/userInfo?uuid={uuid}
Description
The operation receives the APS ID (UUID) of a user as a query string in the URL. It returns this APS ID along with an array of personal data of the required user. Every element of the array represents a property in the Info format.
Parameters
PARAMETER | TYPE | DESCRIPTION |
---|---|---|
uuid | String | APS ID of a user supplied as a query string in the URL. |
Returns
An object in the GDPRIdentity format.
HTTP Request
GET /aps/2/resources/{aps-id}/canForgetAccount?uuid={uuid}
Description
The operation receives the APS ID (UUID) of a personal account as a query string in the URL and in return it informs in the form of Result if it can erase personal data of the specified account.
Parameters
PARAMETER | TYPE | DESCRIPTION |
---|---|---|
uuid | String | APS ID of a personal account supplied as a query string in the URL. |
Returns
An Info object that informs if the application is able to erase the personal data.
HTTP Request
GET /aps/2/resources/{aps-id}/canForgetUser?uuid={uuid}
Description
The application receives the APS ID (UUID) of a user as a query string in the URL and in return it informs in the form of Result if it can erase personal data of the specified user.
Parameters
PARAMETER | TYPE | DESCRIPTION |
---|---|---|
uuid | String | APS ID of a user supplied as a query string in the URL. |
Returns
An Info object that informs if the application is able to erase the personal data.
HTTP Request
POST /aps/2/resources/{aps-id}/forgetAccount
{
"uuid": "string",
"email": "string",
"groupIds": ["array of group IDs"]
}
Description
For the personal account specified by the uuid
and the email
properties, the operation must erase all
personal data included into those groups whose IDs are specified in the groupsIds
array.
Parameters
PARAMETER | TYPE | DESCRIPTION |
---|---|---|
uuid | String | APS ID of a personal account |
String | Email address of a personal account | |
groupIds | Array of strings | A list of IDs that specify those groups that contain personal data to be erased |
Returns
An Info object that informs if the operation is completed successfully.
HTTP Request
POST /aps/2/resources/{aps-id}/forgetUser
{
"uuid": "string",
"email": "string",
"groupIds": ["array of group IDs"]
}
Description
For the user specified by the uuid
and the email
properties, the operation must erase all
personal data included into those groups whose IDs are specified in the groupsIds
array.
Parameters
PARAMETER | TYPE | DESCRIPTION |
---|---|---|
uuid | String | APS ID of a user |
String | Email address of a user | |
groupIds | Array of strings | A list of IDs that specify those groups that contain personal data to be erased |
Returns
An Info object that informs if the operation is completed successfully.
The structure defines a group of properties classified as a part of personal data.
NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
---|---|---|---|---|
groupId | String | Not required | Not applicable | Group ID unique in the scope of an APS application. |
description | String | Not required | “” | Description of the personal data group used in a particular application. |
keys | Array of Key | Not required | [] | Array of keys that declare properties of the group. |
Defines the response structure for the accountInfo and userInfo operations.
NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
---|---|---|---|---|
uuid | String | Not required | Not applicable | APS ID of the user or account whose personal data is returned. |
info | Array | Not required | [] | Array of Info objects, each informing about a property classified as a part of personal data. |
Defines the structure of input for the forgetAccount and forgetUser operations.
NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
---|---|---|---|---|
uuid | String | Not required | Not applicable | APS ID of a personal account or user whose personal data must be erased. |
String in the format of email address | Not required | Not applicable | Email address of a personal account or user whose personal data must be erased. | |
groupIds | Array of strings | Not required | [] | List of IDs specifying those groups that contain personal data to be erased. |
Defines the structure of a response returned by some operations.
NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
---|---|---|---|---|
status | Boolean | Required | Not applicable | true if the operation was completed successfully. |
message | String | Not required | “” | Operation details. |
Defines the structure of an element in a Group of personal data.
NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
---|---|---|---|---|
keyId | String | Not required | “” | ID used to identify a property inside a Group of personal data. |
keyDescription | String | Not required | “” | Describes a property of personal data. |
The structure of a single property contained in personal data. It is an element of the GDPRIdentity structure.
NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
---|---|---|---|---|
groupId | String | Required | Not applicable | ID of a Group that contains the property. |
key | String | Required | Not applicable | A key ID that identifies a Key in the group specified by groupId . |
value | String | Not required | “” | The value of the property specified by groupId and key . |
The Personal Data document explains the implementation of GDPR concepts in the platform and respective API. It also contains sample codes of the methods supporting the custom operations of the considered APS type.