Endpoint and Authentication
Please refer to the API overview section to get the API endpoint, query format and authentication process.
This section of the documentation shows how to access all the data FA has stored about a set of users and how to ask for a deletion of it.
GDPR
Data Export
POST /api/gdpr/access_user_data
Requests the access to data of a set of users. This request is stored in our system and is valid for 1 week, after which we discard it. This API returns a callback endpoint which you can access to check for the status of this request. Once the request has been processed, you can download the data in one of (or both) ways:
- Calling the callback endpoint returned by this API. (Check the documentation for the callback endpoint below)
- The link to download the data is sent to your email.
Body Parameters
| Property | Type | Description | Default |
|---|---|---|---|
| users | Array | An array of strings of user ids to get the data from. | required |
| skip_email | boolean | Indicates whether or not FA should notify your email with a download link once the data is ready to be downloaded. Note that if this parameter is passed as true, the only way to download the data is via the callback endpoint. |
false |
Response
If the request has been successfully acknowledged:
Status: 200 OK
{
"success": true,
"result": {
"callback_url": "https://api.follow-apps.com/api/gdpr_request/export?request_id=..."
}
}
If the list of user ids is not provided or contains invalid user ids (anything other than an array of strings):
Status: 400
{
"status": "400",
"success": false,
"error_message": "Please provide a valid list of user ids"
}
Callback endpoint for Data Access
GET /api/gdpr_request/export
This API returns the status of a data export request.
| Property | Type | Description | Default |
|---|---|---|---|
| request_id | string | A unique identifier of a data export request. | required |
Response
If the request has been acknowledged by our system but hasn't yet been processed:
Status: 200 OK
{
"success": true,
"result": {
"status": "received",
"download_urls": {
"some_user_id": null
},
"requested_at": "2018-07-02T09:18:53.434Z",
"skip_email": false,
"email": "youremail@follow-apps.com"
}
}
If the request has been acknowledged by our system and the data is ready to be downloaded:
Status: 200 OK
{
"success": true,
"result": {
"status": "treated",
"download_urls": {
"some_user_id": "https://somedownload_link..."
},
"requested_at": "2018-07-02T09:18:53.434Z",
"skip_email": false,
"email": "youremail@follow-apps.com"
}
}
If the request has been acknowledged by our system but there's no data recorded for the user:
Status: 200 OK
{
"success": true,
"result": {
"status": "treated",
"download_urls": {
"some_user_id": "No installations found for this user"
},
"requested_at": "2018-07-02T09:18:53.434Z",
"skip_email": false,
"email": "youremail@follow-apps.com"
}
}
If the request id parameter is not provided:
Status: 400
{
"status": "400",
"success": false,
"error_message": "Please provide a request id"
}
If an invalid request id, or a request id for a request that has already been expired, is provided:
Status: 400
{
"status": "400",
"success": false,
"error_message": "No request found or request expired for request id ..."
}
Data Deletion
POST /api/gdpr/delete_user_data
Body Parameters
Requests the deletion of the data of a set of users. This request is stored in our system and is valid for 1 week, after which we discard it. This API returns a callback endpoint which you can access to check for the status of this request. Check the documentation for this endpoint below. Once the request has been successfully processed, you can check that your data has been correctly deleted by calling the data export endpoint again. By default, an email will also be sent once the data has been successfully deleted.
| Property | Type | Description | Default |
|---|---|---|---|
| users | Array | An array of strings of user ids to get the data from. | required |
| skip_email | boolean | Indicates whether or not FA should notify your email once the data has been successfully deleted. Note that if this parameter is passed as true, the only way to download the data is via the callback endpoint. |
false |
Response
If the request has been acknowledged successfully:
Status: 200 OK
{
"success": true,
"result": {
"callback_url": "https://api.follow-apps.com/api/gdpr_request/delete?request_id=..."
}
}
If the list of user ids is not provided or contains invalid user ids (anything other than an array of strings):
Status: 400
{
"status": "400",
"success": false,
"error_message": "Please provide a valid list of user ids"
}
Callback endpoint for Data Deletion
GET /api/gdpr_request/delete
This API returns the status of a data deletion request.
| Property | Type | Description | Default |
|---|---|---|---|
| request_id | string | A unique identifier of a data export request. | required |
Response
If the request has been acknowledged by our system but hasn't yet been processed:
Status: 200 OK
{
"success": true,
"result": {
"status": "received",
"user_ids": {
"some_user_id": null
},
"requested_at": "2018-07-02T09:18:53.434Z",
"skip_email": false,
"email": "youremail@follow-apps.com"
}
}
If the request has been acknowledged by our system and the data has been deleted:
Status: 200 OK
{
"success": true,
"result": {
"status": "treated",
"user_ids": {
"some_user_id": "treated"
},
"requested_at": "2018-07-02T09:18:53.434Z",
"skip_email": false,
"email": "youremail@follow-apps.com"
}
}
If the request id parameter is not provided:
Status: 400
{
"status": "400",
"success": false,
"error_message": "Please provide a request id"
}
If an invalid request id, or a request id for a request that has already been expired, is provided:
Status: 400
{
"status": "400",
"success": false,
"error_message": "No request found or request expired for request id ..."
}
Polling API
GET /api/gdpr/latest_requests?users=users&request_types=request_types&modified_since=modified_since
Returns the requests in the last 7 days for all the users of the current user's entity, or for the users passed
as query parameter. It includes, in the response, the source of the request: api if the request was made via (our data-export public API), or sdk, if the
request was made via an application's SDK.
Query Parameters
| Property | Type | Description | Default |
|---|---|---|---|
| users | Array | A comma separated string of user ids. | - |
| request_types | String | A comma separated string indicating the API to retrieve only requests of the provided type. Accepted values are 'access' and 'delete'. If no value is provided, both types of requests are returned in the response. | - |
| modified_since | datetime | The date in UTC which tells the API to return only the requests that were modified after this date. Expressed in any ISO format, e.g. 2017-04-06T16:41:44+05:00. This date is ignored if it is older than 7 days. |
7 days ago |
Response
If the request has been acknowledged successfully and request type is access:
Status: 200 OK
{
"success": true,
"result": [
{
"user_id": "User123",
"received_at": "2017-04-06T16:41:44+05:00",
"request_type": "access",
"forwarded_to_emails": [
"email1@email.com", "email2@email.com"
],
"forwarded_at": "2017-04-06T16:44:44+05:00",
"treated_by_fa_at": "2017-04-06T16:44:40+05:00",
"download_link": "https://hereisalinktothereport.com",
"source": "api"
}
]
}
If the request has been acknowledged sucessfully and request type is delete:
Status: 200 OK
{
"success": true,
"result": [
{
"user_id": "User123",
"received_at": "2017-04-06T16:41:44+05:00",
"request_type": "delete",
"forwarded_to_emails": [
"email1@email.com", "email2@email.com"
],
"forwarded_at": "2017-04-06T16:44:44+05:00",
"treated_by_fa_at": "2017-04-06T16:44:40+05:00",
"source": "sdk",
"app_id": "FAAPPLI_TjmUp2k"
}
]
}
If the request_types parameter doesn't include access nor delete:
Status: 400
{
"status": "400",
"success": false,
"error_message": "Wrong 'request_types' parameter value."
}