1. Security Guide
  2. Process Orchestration and Monitoring Cloud Service Authentication & Authorization
  3. Private Data REST Services

Private Data REST Services

This section contains details about the REST Services flavor of the Private Data Services and Tools documented by framework team.

Retailers must call the Private Data REST Service endpoints with the following request headers:

Table 5-11 Request Header

Name Value Required Description

Accept

application/json

OR application/xml

Yes

Tells the server the MIME-type of the re-source.

Authorization

Base64 encoded credentials string

Yes

Authenticates a user agent with the server

List of Endpoints

The table below shows the details of calling the Private Data Service APIs through REST endpoints:

Action Endpoint Path Description

Get a List of Query Group Types

/privatedata/config/{action}

Returns the valid ID types that can be used in private data calls.

Method

  • _GET

Accept

  • _application/json

Path Parameters

  • _action: The private data action for which query group types are being inquired. Valid values include:

    access: access PII data

    forget: remove PII data

    validateForget: check to see if PII data can be removed.

Response Codes

  • _200 - Success

  • _500 - Internal Server Errors - for all other types of errors (for example, config errors, SQL errors, and so on).

Success Payloads 

{ 
"types": [ 
"raf", 
"supplier", 
"customer" 
] 
}

Get Query Group Type Information (for example, Lookup customer ID)

/privatedata/config/{action}/ {id_type}

Returns details of the query group type including the customer ID format required to access or re-move PII data.

Method

  • _GET

Accept

  • _application/json

Path Parameters

  • _action: The data privacy action being attempted on the query group type. Valid values include:

    access: access PII data

    forget: remove PII data

    validateForget: check to see if PII data can be removed.

  • _id_type: The query group type.

Response Codes

  • _200 - Success

  • _400 - Bad Request - Produced for the following situations:

    Invalid input type

  • _500 - Internal Server Errors - for all other types of errors (for example, config errors, SQL errors, and so on).

Success Payloads 

{ 
"customerIdFormat": "{%cus-tomer-Id%}::{%divisionId%}::{%groupId%}", 
"type": "customer" 
}

Access PII

/privatedata/{id_type}

Retrieves PII in the system

Method

  • _GET

Accept

  • _application/json

  • _application/xml

Path Parameters

  • _id_type: The query group type for which PII is to be retrieved.

Query Parameters

  • _customer_id: (required) The customer ID string to be used in looking up PII. The format of this string must conform to the format indicated for the query group type.

  • _jsonFormat : The type of JSON format to return. Valid values: "concise" (default) , "full". Applicable only if Ac-cept=application/json.

Response Codes and Error Mes-sages

  • _200 - Success

  • _400 - Bad Request - Produced for the following situations: o Customer ID does not match the required format

    Invalid input type

    Missing customer ID

    Invalid jsonFormat

  • _500 - Internal Server Errors - for all other types of errors (for example, config errors, SQL errors, and so on).

Success Payloads

  • _When Accept=application/json, this API will return PII in JSON format.

  • _When Accept=application/xml, this API will return PII formatted as an HTML page.

  • _Refer to section Output Format for Accessing PII for more details.

Remove PII

/privatedata/{id_type}

Removes PII from the system.

Method

  • _DELETE

Accept

  • _application/json

Path Parameters

  • _id_type: The query group type for which PII is to be removed.

Query Parameters

  • _customer_id: (required) The customer ID string to be used in looking up PII. The format of this string must conform to the format required for the query group type.

Response Codes

  • _200 - Success - Delete successful

  • _412 - Precondition Failed - Una-ble to delete.

  • _400 - Bad Request - Produced for the following situations: o Customer ID does not match the required format

    Invalid input type

    Missing customer ID

  • _500 - Internal Server Errors - for all other types of errors (for example, config errors, SQL errors, and so on).

Validate If PII Can Be Removed

/privatedata/{id_type}/ validate-Forget

Validates whether a customer can be removed from the system.

Method

  • _GET

Accept

  • _application/json

Path Parameters

  • _id_type: The query group type for which PII is to be removed.

Query Parameters

  • _customer_id: (required) The customer ID string to be used in looking up PII. The format of this string must conform to the format required for the query group type.

Response Codes

  • _200 - Success - Person can be deleted

  • _412 - Precondition Failed - Per-son cannot be deleted

  • _400 - Bad Request - Produced for the following situations: o Customer ID does not match the required format

    Invalid input type

    Missing customer ID

  • _500 - Internal Server Errors - for all other types of errors (for example, config errors, sql errors, amd so on).

Output Format for Accessing PII

The following output formats are supported by the REST endpoint for accessing PII:

Format Description

Concise JSON (default)

Human readable JSON format.

Concise but cannot be parsed into a generic stucture at runtime.

Full JSON

Full JSON format that can be parsed electronically.

Ideal for importing data into the system (a future functionality)

Human Readable HTML

Human readable HTML format.