Data Subject Requests API

data subject requests api submit and manage gdpr and ccpa data subject requests programmatically on behalf of your end users this api follows the field naming conventions of the https //github com/opengdpr/opendsr , making it compatible with privacy tooling that supports the opendsr standard base url https //ds jomablue com/v1 api version 1 0 authentication all requests require a bearer token in the authorization header authorization bearer \<your api key> contact us to obtain an api key for your account endpoints submit a request post /v1/gdpr/requests { "subject request type" "access | erasure", "regulation" "gdpr | ccpa", "subject identities" \[ { "identity type" "string", "identity value" "string", "identity format" "raw | sha256 | md5" } ], "callback email" "string", "notes" "string" } field required notes subject request type yes access to retrieve data, erasure to delete it regulation no gdpr (default) or ccpa subject identities yes at least one identifier required subject identities\[] identity type yes e g contact id , user id subject identities\[] identity value yes the identifier value subject identities\[] identity format no raw (default), sha256 , or md5 callback email required for access where the requested data will be returned ignored on erasure notes no any additional context about the request response — 200 ok { "subject request id" "a7551968 d5d6 44b2 9831 815ac9017798", "subject request type" "erasure", "regulation" "gdpr", "status" "pending", "expected completion time" "2026 04 19", "received time" "2026 03 20t09 15 00z", "api version" "1 0" } save the subject request id — you'll need it to check status or cancel the request the expected completion time is always 30 days from received time , in line with the gdpr article 12 deadline get request status get /v1/gdpr/requests/{subject request id} returns the current status of a request you may only query requests submitted by your account response — 200 ok { "subject request id" "a7551968 d5d6 44b2 9831 815ac9017798", "subject request type" "access", "regulation" "gdpr", "request status" "in progress", "expected completion time" "2026 04 19", "received time" "2026 03 20t09 15 00z", "api version" "1 0" } request statuses status meaning pending received and queued for action in progress being actively worked on completed fulfilled — data returned or deleted rejected could not be fulfilled (e g no matching records found) cancelled cancelled before completion cancel a request delete /v1/gdpr/requests/{subject request id} cancels a request only requests in pending status can be cancelled, and you may only cancel requests submitted by your account response — 200 ok { "subject request id" "a7551968 d5d6 44b2 9831 815ac9017798", "status" "cancelled", "received time" "2026 03 20t09 15 00z", "api version" "1 0" } rate limits requests are subject to two limits global 10 requests/second across all customers, with a burst allowance of 20 per account 100 requests/day by default contact us if you need this increased when your daily limit is reached you will receive a 429 response with the following headers x ratelimit limit 100 x ratelimit used 101 retry after 86400 limits reset at midnight utc the retry after value is always 86400 (24 hours) errors all errors return a consistent shape { "error" "error code", "message" "human readable description " } http code description 400 missing callback email callback email is required for access requests 400 invalid request malformed body or invalid identity object 400 invalid request type subject request type must be access or erasure 400 invalid regulation regulation must be gdpr or ccpa 400 missing identities subject identities must contain at least one entry 401 unauthorized api key missing or invalid 403 forbidden you do not have permission to access this request 404 not found no request found with this id 409 invalid status request cannot be cancelled — it is no longer in pending state 429 rate limit exceeded daily request limit reached — see rate limit headers 500 internal error unexpected server error — please retry quick start submit an erasure request curl x post https //ds jomablue com/v1/gdpr/requests \\ h "authorization bearer \<your api key>" \\ h "content type application/json" \\ d '{ "subject request type" "erasure", "regulation" "gdpr", "subject identities" \[ { "identity type" "contact id", "identity value" "003dn00000rgvthia1" } ] }' submit an access request curl x post https //ds jomablue com/v1/gdpr/requests \\ h "authorization bearer \<your api key>" \\ h "content type application/json" \\ d '{ "subject request type" "access", "regulation" "gdpr", "subject identities" \[ { "identity type" "contact id", "identity value" "003dn00000rgvthia1" } ], "callback email" "subject\@example com" }' check status curl https //ds jomablue com/v1/gdpr/requests/a7551968 d5d6 44b2 9831 815ac9017798 \\ h "authorization bearer \<your api key>" cancel a pending request curl x delete https //ds jomablue com/v1/gdpr/requests/a7551968 d5d6 44b2 9831 815ac9017798 \\ h "authorization bearer \<your api key>"