REST API PrivSec for RTBF

The RTBF feature of Cloud Compliance de-identifies personal data. Also, the records associated with related objects follow a certain hierarchy. In the particular use cases where the RTBF feature needs to be invoked by an external system, Cloud Compliance offers a REST API interface.

This document explains how to invoke a mapping that is pre-configured via REST API using a JSON-based callout. The API auto-creates a PrevSec Requests and de-identifies the mentioned record as well as the associated records.

There are 2 REST APIs that are developed for this requirement:

1.  POST Request 1:

/services/apexrest/PCCC_DM/v1/privsec/createRTBF     

Body 

   {    "nameValuePair" :                                                                                                           {"FirstName":"Sam","LastName":"Conway","Email":"samconway21@gmail.com"},    "objectName" : "Contact",    "mappingName": "Contact De-Identification Mapping",    "externalRequest" : "EXT999",    "requestedDate" : "2021-01-31T23:59:59.000Z",    "description" : "Testing Request",    "alwaysCreateRequest" : false,    "storeNameValuePair" : true,    "plannedAssociatedRecordsPurgeDate" : "2021-01-31",    "batchSize":200,    "plannedProcessingDate": "2021-01-31",    "plannedDeletionDate": "2021-01-31"   }

Here,

nameValuePair – User can pass multiple fields in the form of name-value pair that Cloud Compliance will use to identify the record and perform Data Portability.

objectName – Provide the object name on which user wants to perform Data Portability.

mappingName – Provide an Appropriate mapping name for the appropriate object.

externalRequest – When a request is triggered from an external system it records the ID of the request

requestedDate – Actual Date on which the Portability request is initiated

Description – User can provide a relevant description for Data Portability operation.

alwaysCreateRequest – alwaysCreateRequest (Boolean) default is false. True implies that a PrivSec request is created even if no record is found based on the nameValue pair. This is needed to support Portability requests when SF pulls in data from other systems as well…and it is possible that the data subject is not found in SF.

storeNameValuePair – storeNameValuePair (Boolean) default is false. This may be needed by customers who may want to use this information through the Interface class to query other systems.

plannedAssociatedRecordsPurgeDate – the associated records with the PrivSec Request record will be deleted on the date which is mentioned in this field.

batchSize – Describes the number of records processed in batch

plannedProcessingDate  – The actual date on which the record will be processed and get de-identify.

plannedDeletionDate – The date on which record will get deleted from the org after successful de-identification.

2. POST Request 2:

      /services/apexrest/PCCC_DM/v1/privsec/getRTBF   

Body 

  {    "requestId" : "a0i5x00000BCqRSAA1","sendRequestDetails" : true  }

Here,

requestId – A record id of PrivSec Request for which the user wants to get all details about RTBF. 

sendRequestDetails – If true, Cloud Compliance will return all the field details of processed records under RTBF in the form of JSON. 


Solution Steps – 

1. Navigate to a Salesforce record (Contact record in this example) that the user wants to perform RTBF on.

1.png

2. Copy all the necessary details that the user wants to pass in the body of the REST call in the form of name-value pair.

E.g. FirstName, LastName, Email, etc.

3. Navigate to a REST tool such as Salesforce’s developer workbench, Postman, Insomnia, etc. (This example uses Salesforce Developer Workbench) https://workbench.developerforce.com/restExplorer.php 

2.png

4. Navigate to the ‘REST Explorer’ utility within the workbench and select the “POST” method.

3.png

5. For the “POST” method, enter Cloud Compliance’s post-service URL.

4.png
   /services/apexrest/PCCC_DM/v1/privsec/createRTBF  

6. Provide all other necessary details in order to perform RTBF in the following JSON format in the request body.

   {    "nameValuePair" :                                                                                                           {"FirstName":"Sam","LastName":"Conway","Email":"samconway21@gmail.com"},    "objectName" : "Contact",    "mappingName": "Contact De-Identification Mapping",    "externalRequest" : "EXT999",    "requestedDate" : "2021-01-31T23:59:59.000Z",    "description" : "Testing Request",    "alwaysCreateRequest" : false,    "storeNameValuePair" : true,    "plannedAssociatedRecordsPurgeDate" : "2021-01-31",    "batchSize":200,    "plannedProcessingDate": "2021-01-31",    "plannedDeletionDate": "2021-01-31"   }
5.png

7. Click the “Execute” button to invoke the REST API

6.png

8. The REST API returns a RequestId and a success message(hasError: false) and the PrivSec Request gets created in the Org.

7.png

9. Users can also check the Raw Response of the result in the form of name-value pair by clicking on the link “Show Raw Response”. 

8.png

10. Now user can navigate to the record and can verify whether the record is de-identified or not.

9.png

11. Use the 2nd REST API to get the RTBF JSON using the RequestId.

12. Navigate to the ‘REST Explorer’ utility within the workbench and select the “POST” method.

10.png

13. For the “POST” method, enter Cloud Compliance’s post-service URL.

      /services/apexrest/PCCC_DM/v1/privsec/getRTBF         
11.png

14. Provide necessary details in order to get Data Portability details in the following JSON format in the request body.

  {    "requestId" : "a0W4L000000KmD0UAK", "sendRequestDetails" : true  }
12.png

15. Click the “Execute” button to invoke the REST API

13.png

16. The REST API returns the Status, Sub-Status, and all other important details of PrivSec Request.

14.png

17. Users can also check the Raw Response of the result in the form of name-value pair by clicking on the link “Show Raw Response”. 

15.png

Powered by BetterDocs