Create a new data subject request

PUT https://aws.consentgrid.io/v1/dsr/requests?by.type=userType&by.id=userId
Authorization: Bearer apiKey

Create a new data subject request for a data subject, optionally reported by by.

PUT https://aws.consentgrid.io/v1/dsr/requests
cplsessionHeader: subject session cookie

Create a new data subject request for the current data subject.

The request body contains the definition of the request:

{
  "typeId": DSR type id
  "labels": ["label1", "label2",...],
  "status": "draft",
  "owner": {
    "type": "user",
    "id": "userId"
  },
  "data": {
    Fields defined for this DSR type
  },
  "metadata": {
    "key": "value",...
  },
  "dueDate": "2020-01-20T00:00:00Z",  
  "attachments": {
    "fieldName": [
      {
        "fileName": "file.png",
        "contentType": "image/png",
        "data": "base64 data"
      }
    ]
   }
}

The typeId field gives the type of the request, and determines what fields and attachments are available. All additional fields and attachments defined for that type should be given under the data and attachments fields. The status of the request cannot be changed to submitted until all the required fields and attachments are provided.

Data subject id is given in owner object. If the API is called with a session cookie or a session token, the data subject id is set from the session. The data subject must be created before this call.

Attachments for the DSR item can be given as Base64 encoded strings under the attachments, or they can be added later using upload attachment API calls.

Response

200 Ok

The response is the request creation status object.

{
  "result": {
    "id": "request id",
    "status": "draft", or submitted
    "ok": true,
    "fieldErrors": {
      "field1": "error1",
      ...
    },
    "attachmentErrors": {
      "attachment1": "error1",
     ...
    },
    "error": "error msg"
}

If there are no errors, ok will be true. Otherwise the error messages will describe what the error is. Field-specific or attachment-specific errors messages may be present if fields do not pass validation tests.

400 Bad Request

Malformed request, invalid value, etc. The return value is a JSON error object containing diagnostic information.

403 Forbidden

The authenticated key does not have the privileges for this operation. The return value is a JSON error object containing diagnostic information.