REST API – Cascade De-identification – Cloud Compliance

De-identify personal data associated with related objects that follow a certain hierarchy. using the cascade de-identification feature of Cloud Compliance. Cloud Compliance offers a REST API interface in use cases where the cascade de-identification feature needs to be invoked by an external system,

Invoke a mapping that is pre-configured via REST API using a JSON based callout. The API auto-creates a case and de-identifies the parent mentioned in the case record and its child and grandchild records.

The REST APIs that are developed for this requirement are as follows – 

1.  POST Request: 

URL

/services/apexrest/PCCC_DM/v1/Dsar/DeIdentification

Request Body 

{“sourceRecordId”: “ID”, “deIdentificationMapName”: “MAP_NAME”}

2. GET Request : 

URL

/services/apexrest/PCCC_DM/v1/Dsar/DeIdentification?caseId=500f400000QMG3YAAX

Solution Steps
 

1. Navigate -> RTBF/De-identification section of the Implement tab of Cloud Compliance UI and open the existing de-identification mapping by clicking on the “View” button.

2.png

2. Considering de-identification at three-level – “Account” as a parent, “Contact” as a child and “Asset” as a grandchild. Copy the de-identification mapping name of the parent object.  ‘Account Mapping’ in this case. Add this mapping name in the REST script that needs to be executed for cascade de-identification.

Note – Parent objects can have multiple child objects. Similarly, child objects can have multiple grandchild objects.

3.png


 

3. Make sure that selected mapping is Active and set as default.

4.png

4. Navigate -> Salesforce Account record that needs to be de-identified. Make sure it is associated with contact records as a child and asset records as the grandchild. Get the record Id from the URL which is highlighted in the screenshot and paste it in the APEX script that needs to be executed fo cascade de-identification

5.png

5. Navigate -> REST tool such as Salesforce developer workbench, Postman, Insomnia, etc. (This example uses Salesforce Developer Workbench) https://workbench.developerforce.com/restExplorer.php 

6.png

6. Navigate -> ‘REST Explorer’  from the Utility tab  within the workbench and select the “POST” method

7.png

7. For the “POST” method, enter the Cloud Compliance’s REST call URL

/services/apexrest/PCCC_DM/v1/Dsar/DeIdentification
8.png

8. Copy the Record Id (Account) and Mapping Name with the following JSON format in the request body
 

{ “sourceRecordId”: “0010b00002QarCgAAJ”, “deIdentificationMapName”: “Account Mapping”}
10.png

9. Click the “Execute” button to invoke the REST API

11.png

10. The REST API returns a case id and a success message(hasError: false).

12.png

 11. Use the 2nd REST API to get the case status in  JSON format by passing  the Case ID in below URL

/services/apexrest/PCCC_DM/v1/Dsar/DeIdentification?caseId=5000b00001bFbUiAAK
14.png

12. Click on Execute and it should fetch the case details in JSON format.

15.png

13. The detail raw response is as follows – 


Raw Response

{
“case”: “{\n&nbsp; \”attributes\” : {\n&nbsp; &nbsp; \”type\” : \”Case\”,\n&nbsp; &nbsp; \”url\” : \”/services/data/v48.0/sobjects/Case/5000b00001bFbUiAAK\”\n&nbsp; },\n&nbsp; \”Id\” : \”5000b00001bFbUiAAK\”,\n&nbsp; \”PCCC_DM__DSAR_Status__c\” : \”De-identified\”,\n&nbsp; \”PCCC_DM__DSAR_Type__c\” : \”De-identification\”,\n&nbsp; \”PCCC_DM__Data_Subject__c\” : \”0010b00002VQEPGAA5\”,\n&nbsp; \”PCCC_DM__Data_Subject_Records__r\” : {\n&nbsp; &nbsp; \”totalSize\” : 3,\n&nbsp; &nbsp; \”done\” : true,\n&nbsp; &nbsp; \”records\” : [ {\n&nbsp; &nbsp; &nbsp; \”attributes\” : {\n&nbsp; &nbsp; &nbsp; &nbsp; \”type\” : \”PCCC_DM__Data_Subject_Record__c\”,\n&nbsp; &nbsp; &nbsp; &nbsp; \”url\” : \”/services/data/v48.0/sobjects/PCCC_DM__Data_Subject_Record__c/a090b00000fAQllAAG\”\n&nbsp; &nbsp; &nbsp; },\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Case__c\” : \”5000b00001bFbUiAAK\”,\n&nbsp; &nbsp; &nbsp; \”Id\” : \”a090b00000fAQllAAG\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Proof_of_de_identification__c\” : \”<a href=”
https: //drive-ruby-6782.my.salesforce.com/a0D0b00000opLxpEAE/” target=”_blank” rel=”noreferrer noopener”>https://drive-ruby-6782.my.salesforce.com/a0D0b00000opLxpEAE\</a>”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Source_Id__c\” : \”0010b00002VQEPGAA5\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Object_Name__c\” : \”Account\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Status__c\” : \”Processed\”\n&nbsp; &nbsp; }, {\n&nbsp; &nbsp; &nbsp; \”attributes\” : {\n&nbsp; &nbsp; &nbsp; &nbsp; \”type\” : \”PCCC_DM__Data_Subject_Record__c\”,\n&nbsp; &nbsp; &nbsp; &nbsp; \”url\” : \”/services/data/v48.0/sobjects/PCCC_DM__Data_Subject_Record__c/a090b00000fAQlqAAG\”\n&nbsp; &nbsp; &nbsp; },\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Case__c\” : \”5000b00001bFbUiAAK\”,\n&nbsp; &nbsp; &nbsp; \”Id\” : \”a090b00000fAQlqAAG\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Proof_of_de_identification__c\” : \”<a href=”https://drive-ruby-6782.my.salesforce.com/a0D0b00000opLxoEAE/” target=”_blank” rel=”noreferrer noopener”>https://drive-ruby-6782.my.salesforce.com/a0D0b00000opLxoEAE\</a>”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Source_Id__c\” : \”0030b00002RNrOFAA1\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Object_Name__c\” : \”Contact\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Status__c\” : \”Processed\”\n&nbsp; &nbsp; }, {\n&nbsp; &nbsp; &nbsp; \”attributes\” : {\n&nbsp; &nbsp; &nbsp; &nbsp; \”type\” : \”PCCC_DM__Data_Subject_Record__c\”,\n&nbsp; &nbsp; &nbsp; &nbsp; \”url\” : \”/services/data/v48.0/sobjects/PCCC_DM__Data_Subject_Record__c/a090b00000fAQlrAAG\”\n&nbsp; &nbsp; &nbsp; },\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Case__c\” : \”5000b00001bFbUiAAK\”,\n&nbsp; &nbsp; &nbsp; \”Id\” : \”a090b00000fAQlrAAG\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Proof_of_de_identification__c\” : \”<a href=”https://drive-ruby-6782.my.salesforce.com/a0D0b00000opLxuEAE/” target=”_blank” rel=”noreferrer noopener”>https://drive-ruby-6782.my.salesforce.com/a0D0b00000opLxuEAE\</a>”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Source_Id__c\” : \”02i0b000010bi53AAA\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Object_Name__c\” : \”Asset\”,\n&nbsp; &nbsp; &nbsp; \”PCCC_DM__Status__c\” : \”Processed\”\n&nbsp; &nbsp; } ]\n&nbsp; }\n}”,”hasError”:false}

14. Navigate to the newly created case record, and check its related list to validate that records are successfully de-identified. Click on the record URL of the Account record processed under the Data Subject Record related list, to validate the record de-identification.

17.png

15. The Account  – Contact – Asset is de-identified which can be validated. 

18.png