APEX API PrivSec for RTBF

Updated on March 20, 2023

The RTBF feature of Cloud Compliance de-identifies personal data. Also, the records associated with related objects follow a certain hierarchy. In particular use cases where the RTBF feature needs to be invoked by an external system, Cloud Compliance offers an APEX API interface.

This document explains how to invoke a mapping that is pre-configured via APEX API using a JSON-based callout. The API auto-creates a PrevSec Requests and de-identifies the mentioned record as well as the associated records.

The two different methods that are available for this APEX API are:-

Method 1. 

 

PCCC_DM.PCL_Wrapper.PCL_HubRequest RTBFRequest = new PCCC_DM.PCL_Wrapper.PCL_HubRequest();
RTBFRequest.nameValuePair = new Map < String, String > {
‘LastName’ => ‘Garnar’,
‘FirstName’ => ‘Fernanda’
};
RTBFRequest.mappingName = ‘Contact De-Identification Mapping’;
RTBFRequest.objectName = ‘Contact’;
RTBFRequest.description = ‘This is description’;
RTBFRequest.externalRequest = String.valueOf(system.today());
RTBFRequest.requestedDate = system.now();
RTBFRequest.alwaysCreateRequest = true;
RTBFRequest.storeNameValuePair = true;
RTBFRequest.batchSize = 200;
RTBFRequest.plannedProcessingDate = system.today();
RTBFRequest.plannedDeletionDate = system.today().adddays(4);
RTBFRequest.plannedAssociatedRecordsPurgeDate = system.today().adddays(8);
PCCC_DM.PCL_Wrapper.PCL_HubResponse res = PCCC_DM.CreatePrivSecRTBFRequest.init(RTBFRequest);
system.debug(res);

Here,

nameValuePair – The user can pass multiple fields in the form of name-value pair that Cloud Compliance will use to identify the record and perform RTBF. Inserting either First Name or Last Name as part of nameValuePair is mandatory.

objectName – Provide the object name on which the user wants to perform RTBF. Object Name parameter is mandatory. The value of this field cannot be kept as blank.

mappingName – Provide an Appropriate mapping name for the appropriate object. Mapping Name parameter is mandatory. The value of this field cannot be kept as blank.

externalRequest – When a request is triggered from the external system it records the ID of the request

requestedDate – Actual Date on which the RTBF request is initiate. The value of this field cannot be kept as blank.

Description – The user can provide a relevant description of the RTBF operation.

alwaysCreateRequest – alwaysCreateRequest (Boolean) default is false. True implies that a PrivSec request is created even if no record is found based on the nameValue pair. This is needed to support RTBF requests when SF pulls in data from other systems as well…and it is possible that the data subject is not found in SF.

storeNameValuePair – storeNameValuePair (Boolean) default is false. This may be needed by customers who may want to use this information through the Interface class to query other systems.

batchSize – Describes the number of records processed in batch. Recommended batch size is 200

plannedProcessingDate  – The actual date on which the record will be processed and get de-identify.

plannedDeletionDate – The date on which record will get deleted from the org after successful de-identification. Planned Deletion Date should always be kept after Planned Processing Date.

plannedAssociatedRecordsPurgeDate – the associated records with the PrivSec Request record will be deleted on the date which is mentioned in this field. Planned Associated Records Purge Date should always be kept after Planned Deletion Date.

Method 2. 

PCCC_DM.PCL_Wrapper.PCL_HubRequest RTBFRequest= new PCCC_DM.PCL_Wrapper.PCL_HubRequest();
RTBFRequest.requestId = ‘a0W4L000000KmFpUAK’;
RTBFRequest.sendRequestDetails = true;
PCCC_DM.PCL_Wrapper.PCL_HubResponse res = PCCC_DM.GetPrivSecRTBFRequest.init(RTBFRequest);
system.debug(res);

Here,

requestId – A record id of PrivSec Request for which the user wants to get all details about RTBF. 

sendRequestDetails – If true, Cloud Compliance will return all the field details of processed records under RTBF in the form of JSON.


Solution Steps – 


1. Navigate to a Salesforce record (Contact record in this example) that the user wants to perform RTBF on.

2. Copy all the necessary details that the user wants to pass in the body of the APEX API call in the form of name-value pair.

E.g. FirstName, LastName, Email, etc.

3. Open the Salesforce Developer Console and prepare the CreatePrivSecRTBFRequest method and click on execute button.

Note– Make sure that RTBF mapping is created for the object of the specified record.

PCCC_DM.PCL_Wrapper.PCL_HubRequest RTBFRequest = new PCCC_DM.PCL_Wrapper.PCL_HubRequest();
RTBFRequest.nameValuePair = new Map < String, String > {
‘LastName’ => ‘Smith’,
‘FirstName’ => ‘Mark’
};
RTBFRequest.mappingName = ‘Contact De-Identification Mapping’;
RTBFRequest.objectName = ‘Contact’;
RTBFRequest.description = ‘This is description’;
RTBFRequest.externalRequest = String.valueOf(system.today());
RTBFRequest.requestedDate = system.now();
RTBFRequest.alwaysCreateRequest = true;
RTBFRequest.storeNameValuePair = true;
RTBFRequest.plannedAssociatedRecordsPurgeDate = system.today().adddays(8);
RTBFRequest.batchSize = 200;
RTBFRequest.plannedProcessingDate = system.today();
RTBFRequest.plannedDeletionDate = system.today().adddays(4);
PCCC_DM.PCL_Wrapper.PCL_HubResponse res = PCCC_DM.CreatePrivSecRTBFRequest.init(RTBFRequest);
system.debug(res)


4. The APEX API returns a RequestId and a success message(hasError: false) and the PrivSec Request gets created in the Org.

5. Use the 2nd APEX API to get the RTBF request details using the RequestId.

Open the Salesforce Developer Console. Prepare the GetPrivSecRTBFRequest method and click on execute button.

PCCC_DM.PCL_Wrapper.PCL_HubRequest RTBFRequest= new PCCC_DM.PCL_Wrapper.PCL_HubRequest();
RTBFRequest.requestId = ‘a0W4L000000KmFzUAK’;
RTBFRequest.sendRequestDetails = true;
PCCC_DM.PCL_Wrapper.PCL_HubResponse res = PCCC_DM.GetPrivSecRTBFRequest.init(RTBFRequest);
system.debug(res);


6. The APEX API returns the Status, Sub-Status, and all other important details of the PrivSec Request.