REST API PrivSec for RTBF

Updated on March 20, 2023

The RTBF feature of Cloud Compliance de-identifies personal data. Also, the records associated with related objects follow a specific hierarchy. In particular use cases where the RTBF feature needs to be invoked by an external system, Cloud Compliance offers a REST API interface.

This document explains how to invoke a pre-configured mapping via REST API using a JSON-based callout. The API auto-creates a PrevSec Requests and de-identifies the mentioned record as well as the associated records.

There are 2 REST APIs that are developed for this requirement:

1.  POST Request 1:

/services/apexrest/PCCC_DM/v1/privsec/createRTBF
     

Body 

{
"nameValuePair": {
"FirstName": "Sam",
"LastName": "Conway",
"Email": "samconway21@gmail.com"
},
"objectName": "Contact",
"mappingName": "Contact De-Identification Mapping",
"externalRequest": "EXT1",
"requestedDate": "2022-06-30T23:59:59.000Z",
"description": "RTBF using PrivSec Request REST Call",
"alwaysCreateRequest": true,
"storeNameValuePair": true,
"plannedProcessingDate": "2022-07-15",
"plannedDeletionDate": "2022-07-30",
"plannedAssociatedRecordsPurgeDate": "2022-07-31",
"batchSize": 200
}

Here,

nameValuePair – The user can pass multiple fields in the form of name-value pair that Cloud Compliance will use to identify the record and perform RTBF. Inserting either First Name, Last Name, or email as a part of nameValuePair is mandatory. The values of this field cannot be kept as blank.

objectName – Provide the object name on which the user wants to perform RTBF. Object name parameter is mandatory. The value of this field cannot be kept as blank.

mappingName – Provide an Appropriate mapping name for the appropriate object. Mapping name parameter is mandatory. The value of this field cannot be kept as blank.

externalRequest – When a request is triggered from an external system it records the ID of the request.

requestedDate – The actual Date on which the RTBF request is initiated. Requested Date parameter is mandatory. The value of this field cannot be kept as blank. Recommended date format is ”yyyy-mm-dd”

Description – The user can provide a relevant description of the RTBF operation.

alwaysCreateRequest – alwaysCreateRequest (Boolean) default is false. True implies that a PrivSec request is created even if no record is found based on the nameValue pair. This is needed to support RTBF requests when SF pulls in data from other systems as well…and it is possible that the data subject is not found in SF.

storeNameValuePair – storeNameValuePair (Boolean) default is false. This may be needed by customers who may want to use this information through the Interface class to query other systems.

batchSize – Describes the number of records processed in batch. Recommended batch size is 200.

plannedProcessingDate  – The actual date on which the record will be processed and get de-identify. Recommended date format is ”yyyy-mm-dd”

plannedDeletionDate – The date on which the record will get deleted from the org after successful de-identification. Planned Deletion Date should always be kept after Planned Processing Date. Recommended date format is ”yyyy-mm-dd”

plannedAssociatedRecordsPurgeDate – the associated records with the PrivSec Request record will be deleted on the date which is mentioned in this field. Planned Associated Records Purge Date should always be kept after Planned Deletion Date. Recommended date format is ”yyyy-mm-dd”

2. POST Request 2:

/services/apexrest/PCCC_DM/v1/privsec/getRTBF

Body 

{ "requestId" : "a0i5x00000BCqRSAA1","sendRequestDetails" : true }

Here,

requestId – A record id of PrivSec Request for which the user wants to get all details about RTBF. 

sendRequestDetails – If true, Cloud Compliance will return all the field details of processed records under RTBF in the form of JSON. 


Solution Steps – 

1. Navigate to a Salesforce record (Contact record in this example) that the user wants to perform RTBF on.

2. Copy all the necessary details that the user wants to pass in the body of the REST call in the form of name-value pair.

E.g. FirstName, LastName, Email, etc.

3. Navigate to a REST tool such as Salesforce’s developer workbench, Postman, Insomnia, etc. (This example uses Salesforce Developer Workbench

4. Navigate to the REST Explorer utility within the workbench and select the “POST” method.

5. For the “POST” method, enter Cloud Compliance’s post-service URL.

/services/apexrest/PCCC_DM/v1/privsec/createRTBF

6. Provide all other necessary details in order to perform RTBF in the following JSON format in the request body.

{
"nameValuePair": {
"FirstName": "Sam",
"LastName": "Conway",
"Email": "samconway21@gmail.com"
},
"objectName": "Contact",
"mappingName": "Contact De-Identification Mapping",
"externalRequest": "EXT1",
"requestedDate": "2022-06-30T23:59:59.000Z",
"description": "RTBF using PrivSec Request REST Call",
"alwaysCreateRequest": true,
"storeNameValuePair": true,
"plannedProcessingDate": "2022-07-15",
"plannedDeletionDate": "2022-07-30",
"plannedAssociatedRecordsPurgeDate": "2022-07-31",
"batchSize": 200
}

7. Click the “Execute” button to invoke the REST API

8. The REST API returns a RequestId and a success message(hasError: false) and the PrivSec Request gets created in the Org.

9. Users can also check the Raw Response of the result in the form of name-value pair by clicking on the link “Show Raw Response”. 

10. Now user can navigate to the record and can verify whether the record is de-identified or not.

11. Use the 2nd REST API to get the RTBF JSON using the RequestId.

12. Navigate to the ‘REST Explorer utility within the workbench and select the “POST” method.

13. For the “POST” method, enter Cloud Compliance’s post-service URL.

/services/apexrest/PCCC_DM/v1/privsec/getRTBF
       

14. Provide the necessary details in order to get RTBF details in the following JSON format in the request body.

{ "requestId" : "a0W4L000000KmD0UAK", "sendRequestDetails" : true }

15. Click the “Execute” button to invoke the REST API

16. The REST API returns the Status, Sub-Status, and all other important details of the PrivSec Request.

17. Users can also check the Raw Response of the result in the form of name-value pair by clicking on the link “Show Raw Response”.