Technical

Configuration

The configuration is stored in Lime data. If no configuration is found, GDPR will not run.

Endpoints

Most endpoints can be authorized either using a Lime sessionId/API-key or a token.

Token

GET, POST, DELETE

/v2/token/<string:limetype_name>/<int:idrecord>/

Gets, creates or updates Token. The user issuing the token must have access to everything configured for the Limetype. Example:

/v2/token/person/1003/

Warning

/token/<string:limetype_name>/<int:idrecord>/ is deprecated. Make sure the LBS apps are updated!

Object

GET, PUT, DELETE

/<string:limetype_name>/<int:idrecord>/
or
/<string:token>/

Returns or updates object. JSON payload for update should be exactly the same format as the JSON from GET. Example:

/person/1003/
or
/ABC1234888123/

Expired objects

GET

/<string:limetype_name>/expired/

Returns a JSON containing the ids of the objects whose expireddate is before now. Example:

/person/expired/

The response may be used as the payload for bulk anonymization. Example:

```json
{
    "person": [
        1034,
        1984
    ]
}
```

Excel

GET

/<string:limetype_name>/<int:idrecord>/excel/
or
/<string:token>/excel/

Returns object as Excel. Example:

/person/1003/excel/
or
/ABC1234888123/excel/

JSON

GET

/<string:limetype_name>/<int:idrecord>/json/
or
/<string:token>/json/

Returns the object as simpler formatted JSON, containing only key-values and no Lime metadata. Example:

/person/1003/json/
or
/ABC1234888123/json/

Anonymize

PUT

/<string:limetype_name>/<int:idrecord>/anonymize/
or
/<string:token>/anonymize/

Anonymizes the object. The response will be the anonymized data as JSON. Example:

/person/1003/anonymize/
or
/ABC1234888123/anonymize/

AnonymizeRequest

POST

/<string:limetype_name>/<int:idrecord>/anonymizerequest/
or
/<string:token>/anonymizerequest/

Requests anonymization by setting the expireddate field to today + expiredays in config. Example:

/person/1003/anonymizerequest/
or
/ABC1234888123/anonymizerequest/

DELETE

/<string:limetype_name>/<int:idrecord>/anonymizerequest/

Deletes request to be anonymized by setting the expireddate field to null.

/person/1003/anonymizerequest/

Only one Consent is allowed to exist for each Consenttype, so Consents work a bit differently.

Consent has no GET. The object's Consents and available Consenttypes are always included with GET to the "Object" endpoint.

From version 1.0.0 of GDPR, the consent endpoints only support tokens.

POST

/<string:token>/<string:consent_relation_name>/

/ABC1234888123/consent/

The JSON payload must contain the id of the Consenttype.

```json
    {
        "consenttype_id": 1001
    }
```

PUT

/<string:token>/<string:consent_relation_name>/<int:consent_id>/

/ABC1234888123/consent/1300/

The URL must contain the id of the Consent. The payload only supports approved true/false. Deleting a consent is the same as supplying approved=false.

```json
    {
        "approved": true
    }
```

Config

Generates a configuration based on labels for the most commonly used limetypes and properties, such as the person limetype and the firstname property.

GET

/config/generate/

Translation

Gets all translations for GDPR, used by the portal. Overrides in the config are applied to these.

GET

/translation/
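The token routes above carry the token in the URL path, so any access log that records request paths also records the token. The following added example (not part of the GDPR add-on's own code) classifies the routes documented on this page, replaces a path token before the line is stored, and labels calls to the deprecated /token/ route. It assumes paths relative to the add-on's base URL and a constructed `<method> <path> <status>` log format; the names `classify` and `scrub` are hypothetical.

```python
import re

# Fixed routes from this page; their first segment is never a token.
FIXED = re.compile(r"^/(?:config/generate|translation)/$")
# /v2/token/<limetype>/<id>/ and the deprecated /token/<limetype>/<id>/
TOKEN_ADMIN = re.compile(r"^/(v2/)?token/[^/]+/\d+/$")
# /<limetype>/<id>/ with an optional documented action, and /<limetype>/expired/
BY_ID = re.compile(
    r"^/[^/]+/(?:\d+/(?:(?:excel|json|anonymize|anonymizerequest)/)?|expired/)$")
# /<token>/, /<token>/<action or consent relation>/, /<token>/<relation>/<consent id>/
BY_TOKEN = re.compile(r"^/([^/]+)/(?:[^/]+/(?:\d+/)?)?$")


def classify(path):
    """Return (kind, safe_path); safe_path has a path token replaced by <token>."""
    # Order matters: the token pattern is the catch-all, so test it last.
    if FIXED.match(path):
        return "fixed", path
    m = TOKEN_ADMIN.match(path)
    if m:
        return ("token-admin" if m.group(1) else "token-admin-deprecated"), path
    if BY_ID.match(path):
        return "by-id", path
    m = BY_TOKEN.match(path)
    if m:
        return "by-token", "/<token>" + path[m.end(1):]
    # Fail closed: an unrecognised shape may still contain a token.
    return "unknown", "/<unrecognised>/"


def scrub(lines):
    """Rewrite '<method> <path> <status>' lines so no token reaches log storage."""
    out = []
    for line in lines:
        method, path, status = line.split()
        kind, safe = classify(path)
        out.append(f"{method} {safe} {status} [{kind}]")
    return out


# Constructed sample lines; the token value is the example token used on this page.
SAMPLE_LOG = [
    "GET /person/1003/json/ 200",
    "GET /ABC1234888123/json/ 200",
    "PUT /ABC1234888123/consent/1300/ 200",
    "POST /token/person/1003/ 200",
    "GET /person/expired/ 200",
]

if __name__ == "__main__":
    print("\n".join(scrub(SAMPLE_LOG)))
```
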

Events

gdpr.object.updated

Published when an object is updated

gdpr.object.deleted

Published when an object is deleted

gdpr.object.anonymized

Published when an object is anonymized

gdpr.object.anonymize_requested

Published when anonymization of an object has been requested

gdpr.object.anonymize_request_deleted

Published when a request for anonymization has been deleted

gdpr.token.created

Published when a token is issued

gdpr.token.deleted

Published when a token is deleted

Consent events

Since version 1.x of GDPR, the consent events are published by the consent add-on.