How to export participant PII information using the API
The export process is similar to the deletion of data expect that we have to call a different rule.
“Data access and Portability” Rule
This rule will enable a user to extract all the PII about a data subject upon request You can decide to export the profiles based on the First name and/or Last name and/or Email.
Example
- Search the user profile id based on an email
GET /v1/gdpr/profiles?clientId=2449&email=joao@qualifio.com HTTP/1.1
Host: api.qualif.io
x-api-token: *******TOKEN_FOR_ACCOUNT_2449*******
Accept: application/json
Result
[
{
"id": 99,
"firstName": "joao",
"lastName": "pinto",
"function": "",
"gender": "",
"email": "joao@qualifio.com",
"birthDay": null,
"company": "",
"address": "",
"box": "",
"country": "",
"createdAt": "2021-12-14T11:41:06.163Z",
"updatedAt": "2021-12-14T11:41:06.163Z",
"language": "FR",
"ip": "91.183.156.86",
"fb_uid": "0",
"locality": "",
"login": "",
"number": "",
"phone": "",
"trigramme": "joao|pinto|joao@qualifio.com",
"zipcode": "",
"isEmailValid": 0
}
]
You can have multiple results based on the HTTP request. Here for the example we only got 1 participant. id = 99
- Make an export request using participant ids.
POST /v1/gdpr/rules/exportData?clientId=2449 HTTP/1.1
Host: api.qualif.io
x-api-token: *******TOKEN_FOR_ACCOUNT_2449*******
Accept: application/json
Content-Type: application/json
{
"ruleType": "GDPR_ExportData",
"clientId": 2449,
"ruleTypePayload": {
"profiles": [99]
},
"justification": "example justification for export",
"userId": *******DPO_ID_FOR_ACCOUNT_2449*******
}
Result
{
"ruleStatus": {
"status": "NEW",
"updatedAt": "2022-01-28T09:22:54.920Z",
"isAuto": false
},
"_id": "61f807fd94efba001186ec05",
"ruleType": "GDPR_ExportData",
"clientId": 2449,
"ruleTypePayload": {
"profiles": [
{
"crmId": 99,
"crmKey": "joao|pinto|joao@qualifio.com"
}
]
},
"justification": "example justification text",
"callBackUrl": "http://localhost:80/",
"userId": *****,
"createdAt": "2022-01-31T16:02:05.965Z",
"updatedAt": "2022-01-31T16:02:05.965Z",
"__v": 0
}
In case of 200 OK http status, you will see that the returned payload of the RULE just created is at status “NEW”.
This is normal and means that the requested rule was created but not executed. A second call is required to “simulate a DPO validation”.
- Validate the export request (data access and portability rule)
The act of validation is to make a PUT http request to the following end point to approve the rule we just created.
PUT /v1/gdpr/rules/61f807fd94efba001186ec05/validate?clientId=2449 HTTP/1.1
Host: api.qualif.io
x-api-token: *******TOKEN_FOR_ACCOUNT_2449*******
Content-Type: application/json
{
"dpo": *******DPO_ID_FOR_ACCOUNT_2449*******
}
As a parameter we need to specify the rule id created : “61f807fd94efba001186ec05” you retrieve it at the creation of the rule (step 2)
Result
{
"ruleStatus": {
"status": "APPROVED",
"updatedAt": "2022-01-31T16:08:42.128Z",
"isAuto": false,
"acceptedBy": ****,
"acceptedAt": "2022-01-31T16:08:42.128Z"
},
"_id": "61f807fd94efba001186ec05",
"ruleType": "GDPR_ExportData",
"clientId": 2449,
"ruleTypePayload": {
"profiles": [
99
],
"clientId": 2449,
"test": false
},
"justification": "example justification text",
"callBackUrl": "http://localhost:80/",
"userId": ****,
"createdAt": "2022-01-31T16:02:05.965Z",
"updatedAt": "2022-01-31T16:02:05.965Z",
"__v": 0
}
The result status should equals “APPROVED”.
At this stage the system will send a message to all Qualifio sub systems to retrieve PII data from the participant list provided and will store the result into an archive.
Because the system is asynchronous, we have to check the Rule status with another call.
As we do not know how much time it will take, we offer the possibility to provide a callback url that will be called (GET) once the archive is ready.
Example with callback url
{
"ruleType": "GDPR_ExportData",
"clientId": 2449,
"ruleTypePayload": {
"profiles": [99]
},
"justification": "example justification for export",
"callBackUrl": "https://your-service.com/your/params", <---- (optional)
"userId": *******DPO_ID_FOR_ACCOUNT_2449*******
}
- Get the archive location
Once the export process is finished, the system will generate the archive and store it under a specific id. To get that information we need to make an additional HTTP call to the following route: get rule ById
GET /v1/gdpr/rules/61f807fd94efba001186ec05?clientId=2449 HTTP/1.1
Host: api.qualif.io
x-api-token: *******TOKEN_FOR_ACCOUNT_2449*******
Result
{
"ruleStatus": {
"status": "FINISHED",
"updatedAt": "2022-01-31T16:08:46.110Z",
"isAuto": false,
"acceptedAt": "2022-01-31T16:08:42.128Z",
"acceptedBy": ****,
"finishedAt": "2022-01-31T16:08:46.110Z"
},
"_id": "61f807fd94efba001186ec05",
"archive": "61f8098ecd9aaf0011efe84a",
"ruleType": "GDPR_ExportData",
"clientId": 2449,
"ruleTypePayload": {
"profiles": [
{
"crmId": 99,
"crmKey": "joao|pinto|joao@qualifio.com"
}
]
},
"justification": "example justification text",
"callBackUrl": "http://localhost:80/",
"userId": ****,
"createdAt": "2022-01-31T16:02:05.965Z",
"updatedAt": "2022-01-31T16:02:05.965Z",
"__v": 0,
"user": {
"firstName": "Joao",
"lastName": "Pinto",
"email": "joao@qualifio.com",
"clientId": 2
}
}
If the export process is finished you should get a FINISHED status and an “archive” property at the base level of the body.
- Retrieve archive location
GET /v1/gdpr/rules/61f807fd94efba001186ec05/archive/61f8098ecd9aaf0011efe84a?clientId=2449 HTTP/1.1
Host: api.qualif.io
x-api-token: *******TOKEN_FOR_ACCOUNT_2449*******
Result
{
"downloadCount": 0,
"_id": "61f8098ecd9aaf0011efe84a",
"clientId": 2449,
"url": "https://api.qualif.io/v1/archive/export_client_2449_process_e187e74f-2bec-44db-a94b-6cf9f05e3a61/y9wGUDY1JRAFDX5XLhNe2Ez1R",
"download": [],
"__v": 0
}
Here you will have the final link to the archive.