Application Packaging Standard

Last updated 18-Mar-2019

GDPRSupport

This APS type must be implemented by APS applications that must comply with the General Data Protection Regulation (GDPR) of the European Union (EU).

Schema

This APS type extends the Resource APS type and looks as follows:

{
  "name" : "GDPRSupport",
  "id" : "http://www.odin.com/gdpr-support/1.0",
  "apsVersion" : "2.0",
  "implements" : [ "http://aps-standard.org/types/core/resource/1.0" ],
  "operations" : {
    "groups" : {
      "path" : "/groups",
      "verb" : "GET",
      "response" : {
        "type" : "array",
        "items" : {
          "type" : "Group"
        }
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      }
    },
    "accountInfo" : {
      "path" : "/accountInfo",
      "verb" : "GET",
      "response" : {
        "type" : "GDPRIdentity"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "userInfo" : {
      "path" : "/userInfo",
      "verb" : "GET",
      "response" : {
        "type" : "GDPRIdentity"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "canForgetAccount" : {
      "path" : "/canForgetAccount",
      "verb" : "GET",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "canForgetUser" : {
      "path" : "/canForgetUser",
      "verb" : "GET",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "forgetAccount" : {
      "path" : "/forgetAccount",
      "verb" : "POST",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "identity" : {
          "kind" : "body",
          "type" : "GDPRForgetIdentity",
          "required" : true
        }
      }
    },
    "forgetUser" : {
      "path" : "/forgetUser",
      "verb" : "POST",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "identity" : {
          "kind" : "body",
          "type" : "GDPRForgetIdentity",
          "required" : true
        }
      }
    }
  },
  "structures" : {
    "Group" : {
      "type" : "object",
      "properties" : {
        "groupId" : {
          "type" : "string"
        },
        "description" : {
          "type" : "string"
        },
        "keys" : {
          "type" : "array",
          "items" : {
            "type" : "Key"
          }
        }
      }
    },
    "GDPRIdentity" : {
      "type" : "object",
      "properties" : {
        "uuid" : {
          "type" : "string"
        },
        "info" : {
          "type" : "array",
          "items" : {
            "type" : "Info"
          }
        }
      }
    },
    "GDPRForgetIdentity" : {
      "type" : "object",
      "properties" : {
        "uuid" : {
          "type" : "string"
        },
        "email" : {
          "type" : "string"
        },
        "groupIds" : {
          "type" : "array",
          "items" : {
            "type" : "string"
          }
        }
      }
    },
    "Result" : {
      "type" : "object",
      "properties" : {
        "status" : {
          "type" : "boolean",
          "required" : true
        },
        "message" : {
          "type" : "string"
        }
      }
    },
    "Key" : {
      "type" : "object",
      "properties" : {
        "keyId" : {
          "type" : "string"
        },
        "keyDescription" : {
          "type" : "string"
        }
      }
    },
    "Info" : {
      "type" : "object",
      "properties" : {
        "groupId" : {
          "type" : "string",
          "required" : true
        },
        "key" : {
          "type" : "string",
          "required" : true
        },
        "value" : {
          "type" : "string"
        }
      }
    }
  }
}

Custom Operations

| OPERATION | VERB | PATH | RETURNS | DESCRIPTION |
|---|---|---|---|---|
| groups | GET | /groups | Array of Group | The operation returns an array of personal data groups as classified by the application. |
| accountInfo | GET | /accountInfo | GDPRIdentity | The operation receives the APS ID of a personal account and returns the related personal data stored by the application. |
| userInfo | GET | /userInfo | GDPRIdentity | The operation receives the APS ID of a user and returns the related personal data stored by the application. |
| canForgetAccount | GET | /canForgetAccount | Result | The operation confirms whether it can erase personal data of a specified personal account. |
| canForgetUser | GET | /canForgetUser | Result | The operation confirms whether it can erase personal data of a specified user. |
| forgetAccount | POST | /forgetAccount | Result | The operation must erase the requested groups of personal data related to a specified personal account. |
| forgetUser | POST | /forgetUser | Result | The operation must erase the requested groups of personal data related to a specified user. |

groups

HTTP Request

GET /aps/2/resources/{aps-id}/groups

Description

The operation returns an array of personal data groups as classified by the application. Every group is an object containing the group ID (string) and an array of keys. Every key declares a single personal data property that the application can store.

Returns

An array of Group.

accountInfo

HTTP Request

GET /aps/2/resources/{aps-id}/accountInfo?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a personal account as a query string in the URL. It returns this APS ID along with an array of personal data of the requested account. Every element of the array represents a property in the Info format.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a personal account supplied as a query string in the URL. |

Returns

An object in the GDPRIdentity format.

userInfo

HTTP Request

GET /aps/2/resources/{aps-id}/userInfo?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a user as a query string in the URL. It returns this APS ID along with an array of personal data of the requested user. Every element of the array represents a property in the Info format.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a user supplied as a query string in the URL. |

Returns

An object in the GDPRIdentity format.

canForgetAccount

HTTP Request

GET /aps/2/resources/{aps-id}/canForgetAccount?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a personal account as a query string in the URL and returns a Result that states whether the application can erase the personal data of the specified account.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a personal account supplied as a query string in the URL. |

Returns

A Result object that states whether the application is able to erase the personal data.

canForgetUser

HTTP Request

GET /aps/2/resources/{aps-id}/canForgetUser?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a user as a query string in the URL and returns a Result that states whether the application can erase the personal data of the specified user.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a user supplied as a query string in the URL. |

Returns

A Result object that states whether the application is able to erase the personal data.

forgetAccount

HTTP Request

POST /aps/2/resources/{aps-id}/forgetAccount

{
   "uuid": "string",
   "email": "string",
   "groupIds": ["array of group IDs"]
}

Description

For the personal account specified by the uuid and the email properties, the operation must erase all personal data included in those groups whose IDs are specified in the groupIds array.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a personal account |
| email | String | Email address of a personal account |
| groupIds | Array of strings | A list of IDs that specify those groups that contain personal data to be erased |

Returns

A Result object that states whether the operation completed successfully.

forgetUser

HTTP Request

POST /aps/2/resources/{aps-id}/forgetUser

{
   "uuid": "string",
   "email": "string",
   "groupIds": ["array of group IDs"]
}

Description

For the user specified by the uuid and the email properties, the operation must erase all personal data included in those groups whose IDs are specified in the groupIds array.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a user |
| email | String | Email address of a user |
| groupIds | Array of strings | A list of IDs that specify those groups that contain personal data to be erased |

Returns

A Result object that states whether the operation completed successfully.

Structures

Group

The structure defines a group of properties classified as a part of personal data.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| groupId | String | Not required | Not applicable | Group ID unique in the scope of an APS application. |
| description | String | Not required | “” | Description of the personal data group used in a particular application. |
| keys | Array of Key | Not required | [] | Array of keys that declare properties of the group. |

GDPRIdentity

Defines the response structure for the accountInfo and userInfo operations.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| uuid | String | Not required | Not applicable | APS ID of the user or account whose personal data is returned. |
| info | Array | Not required | [] | Array of Info objects, each informing about a property classified as a part of personal data. |

GDPRForgetIdentity

Defines the structure of input for the forgetAccount and forgetUser operations.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| uuid | String | Not required | Not applicable | APS ID of a personal account or user whose personal data must be erased. |
| email | String in the format of email address | Not required | Not applicable | Email address of a personal account or user whose personal data must be erased. |
| groupIds | Array of strings | Not required | [] | List of IDs specifying those groups that contain personal data to be erased. |

Result

Defines the structure of a response returned by some operations.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| status | Boolean | Required | Not applicable | true if the operation was completed successfully. |
| message | String | Not required | “” | Operation details. |

Key

Defines the structure of an element in a Group of personal data.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| keyId | String | Not required | “” | ID used to identify a property inside a Group of personal data. |
| keyDescription | String | Not required | “” | Describes a property of personal data. |

Info

The structure of a single property contained in personal data. It is an element of the GDPRIdentity structure.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| groupId | String | Required | Not applicable | ID of a Group that contains the property. |
| key | String | Required | Not applicable | A key ID that identifies a Key in the group specified by groupId. |
| value | String | Not required | “” | The value of the property specified by groupId and key. |

Examples

The Personal Data document explains the implementation of GDPR concepts in the platform and the respective API. It also contains sample code for the methods supporting the custom operations of this APS type.
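
The forgetUser and userInfo contract defined by the structures above, as an added in-memory example that is not part of the APS documentation or of any platform code. The names GROUPS, STORE, user_info and forget_user and all sample values are constructed; answering a uuid/email mismatch or an undeclared group ID with a Result whose status is false is this example's choice, since the page does not prescribe it.

```python
# Added example: in-memory sketch of the forgetUser / userInfo contract.
# GROUPS, STORE and the function names are constructed for illustration.

GROUPS = [  # what the `groups` operation would return (array of Group)
    {"groupId": "contact", "description": "Contact details",
     "keys": [{"keyId": "phone", "keyDescription": "Phone number"},
              {"keyId": "address", "keyDescription": "Postal address"}]},
    {"groupId": "billing", "description": "Billing data",
     "keys": [{"keyId": "iban", "keyDescription": "Bank account"}]},
]

# Constructed personal data: uuid -> email plus {(groupId, key): value}
STORE = {
    "11111111-2222-3333-4444-555555555555": {
        "email": "user@example.com",
        "data": {("contact", "phone"): "+1 555 0100",
                 ("contact", "address"): "1 Example St",
                 ("billing", "iban"): "XX00 0000 0000"},
    },
}


def user_info(uuid):
    """Build a GDPRIdentity: the uuid plus one Info object per stored property."""
    record = STORE.get(uuid, {"data": {}})
    info = [{"groupId": g, "key": k, "value": v}
            for (g, k), v in sorted(record["data"].items())]
    return {"uuid": uuid, "info": info}


def forget_user(identity):
    """Handle a GDPRForgetIdentity body and return a Result."""
    uuid, email = identity.get("uuid"), identity.get("email")
    group_ids = identity.get("groupIds", [])  # schema default is []
    record = STORE.get(uuid)
    # Both identifiers must point at the same subject before anything is erased.
    if record is None or record["email"].lower() != (email or "").lower():
        return {"status": False, "message": "uuid and email do not match a known user"}
    declared = {g["groupId"] for g in GROUPS}
    unknown = sorted(set(group_ids) - declared)
    if unknown:  # refuse the request rather than silently skipping IDs
        return {"status": False, "message": "unknown groupIds: " + ", ".join(unknown)}
    record["data"] = {gk: v for gk, v in record["data"].items()
                      if gk[0] not in group_ids}
    return {"status": True, "message": "erased groups: " + ", ".join(group_ids)}
```

Calling user_info after a successful forget_user shows which Info entries remain, which is a direct way to verify that the erasure covered exactly the requested groups.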