Platform API
Data Privacy

Data Privacy

For your application, SendBird provides a set of APIs to protect users' rights to privacy and personal data. New APIs launched in the future will be continuously focused on protection, control, and compliance of the data regulations.

Actions

  • API endpoints are relative to the base URL allocated to your application. In this page, the /privacy endpoint refers to https://api-{application_id}.sendbird.com/v3/privacy.

Note: If you want to know the ID and base URL of your application, sign in to your dashboard, select the application, open the Overview, and then check the App credentials > App ID, API request URL.

GDPR (General Data Protection Regulation)
ActionHTTP Request

List GDPR requests

GET /privacy/gdpr
Retrieves a list of GDPR requests of all types.

View a GDPR request

GET /privacy/gdpr/{request_id}
Retrieves a specific GDPR request.

Register a GDPR request

POST /privacy/gdpr
Registers a specific type of GDPR request to meet the GDPR's requirements.

Unregister a GDPR request

DELETE /privacy/gdpr/{request_id}
Unregisters a specific GDPR request.


List GDPR requests

Retrieves a list of GDPR requests of all types.

HTTP request

Light Color Skin
Copy
GET https://api-{application_id}.sendbird.com/v3/privacy/gdpr 

Parameters

The following table lists the parameters that this action supports.

Parameters
OptionalTypeDescription

token

string

Specifies a token that indicates the starting index of a chunk of results to retrieve. If not specified, the index is set as 0.

limit

int

Specifies the number of results to return per page. Acceptable values are 1 to 100, inclusive. (Default: 10)

Query string example
Light Color Skin
Copy
?token=ZkQ4RDaSTl1AlE1WXlVbF2Y2&limit=5

Response

If successful, this action returns a list of GDPR requests of all types in the response body

Status: 200 OK
Light Color Skin
Copy
{
    "requests": [
        {
            "request_id": "944a3469aa5j831",
            "action": "delete",
            "status": "scheduled",
            "user_ids": ["Jacob", "Glen", "John"],
            "user_id": "Jacob",
            "channel_delete_option": "do_not_delete",
            "created_at": 1565343241000
        },
        {
            "request_id": "55b49a317d18480",
            "action": "delete"
            "status": "done",
            "user_ids": ["Alek", "Andi"],
            "user_id": "Alek",
            "channel_delete_option": "all",
            "files": {
                "url": "",
                "expires_at": 0
            },
            "created_at": 1565169737000
        },
        {
            "request_id": "4832ba69aa482d9",
            "action": "access",
            "status": "scheduled",
            "user_id": "Mickey",
            "created_at": 1565167921000
        },
        {
            "request_id": "66e7c52292984ff",
            "action": "access",
            "status": "done",
            "user_id": "Jeff",
            "files": {   # The 'files' appears only when the status is 'done'.
                "url": "https://sendbird-us-1.s3-us-west-2.amazonaws.com/36e7c52292d32ef.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b84c5aa3a7fecac360dceed6eb91c549733f38c72eff899825edd2d64b4bb42b&X-Amz-Date=20190807T093010Z&X-Amz-Credential=AKIAISCYADSMJDK2PZCA%2F20190807%2Fus-west-2%2Fs3%2Faws4_request",
                "expires_at": 1565775010191     # 7 days from the timestamp of file creation.
            },
            "created_at": 1565169776000
        },
        ...
    ],
    "next": "XZYZ2AVnQVErEUBXWFNeF25dFkFZVA~~"
}
Property nameTypeDescription

requests[]

list

A list of GDPR requests.

(request).request_id

string

The unique ID for a GDPR request.

(request).action

string

The type of a GDPR request.

(request).status

string

The current status of a GDPR request, which is represented in one of the following:
- scheduled: the request is scheduled to process.
- processing: the request is being processed.
- done: the request has been completed.
- no_data: no corresponding data because the user was already deleted, or there was an issue in the server.

(request).user_ids[]

array

The IDs of the deleted users to meet the GDPR's requirements. This is effective only when the value of the action property is delete.

(request).user_id

string

The ID of the accessed user to meet the GDPR's requirements. This is effective only when the value of the action property is access.

(request).files

nested object

The information of the zip file created from a GDRP request. This object has the following two properties:
- url: the URL of the zip file containing the result file and folders for downloading. The full name of the file is <user_name>.json and the names of the folders are channels and messages.
- expires_at: the time at which the zip file expires. This indicates that the file will be valid for the next 7 days starting from the timestamp of file creation.

(request).created_at

long

The time in which a request was created, in Unix milliseconds format.

next

string

The value for the token parameter to retrieve the next page in the result set.


View a GDPR request

Retrieves a specific GDPR request.

HTTP request

Light Color Skin
Copy
GET https://api-{application_id}.sendbird.com/v3/privacy/gdpr/{request_id}

Parameters

The following table lists the parameters that this action supports.

Parameters
RequiredTypeDescription

request_id

string

Specifies the ID of the GDPR request to retrieve.

Response

If successful, this action returns the information about the GDPR request in the response body.


Register a GDPR request

Registers a specific type of GDPR request to meet the GDPR's requirements.

Note: Currently, only delete and access of the user data are supported. The abilities for the right to restriction of processing and right to object will be available soon.

HTTP request

Light Color Skin
Copy
POST https://api-{application_id}.sendbird.com/v3/privacy/gdpr

Request body

The following table lists the properties of an HTTP request that this action supports.

Properties
OptionalTypeDescription

action

string

Determines the type of a GDPR request. Acceptable values are limited to access and delete. If set to access, SendBird server generates a downloadable zip file containing the data of the specified user with the user_id property to comply with GDPR's right to access of the data subject. If set to delete, the specified users with the user_ids property will be permanently deleted from your SendBird application to comply with GDPR's right to erasure of the data subject. (Default: delete)

user_ids

array

Specifies an array of the IDs of the users to delete in order to meet the GDPR's requirements. The maximum number of users to be processed at once is 100. This should be specified when the value of the action property is delete.

channel_delete_option

string

Determines the scope of group channels to delete in addition to deleting the specified users with the user_ids property. Acceptable values are do_not_delete, 1_on_1, and all. This only works when the value of the action property is delete. (Default: do_not_delete)
- do_not_delete: the users will be deleted but their joined group channels will remain.
- 1_on_1: only 1-on-1 group channels of the users will be deleted. (This option can be useful when eliminating spam users)
- all: all joined group channels of the users will be deleted.

user_id

string

Specifies the ID of the user to meet the GDPR's requirements.

access
delete
Light Color Skin
Copy
# Request body example
{
    "action": "access",
    "user_id": "Julia"
}
Light Color Skin
Copy
# Request body example
{
    "action": "delete",
    "user_ids": ["James", "Leslie", "Jenna"],
    "channel_delete_option": "all" 
}

Response

If successful, this action returns the information about the GDPR request in the response body.

access
delete
Light Color Skin
Copy
# Status: 200 OK
{
    "request_id": "9812a469aa58471",
    "action": "access",
    "status": "scheduled",
    "user_id": "Julia",
    "created_at": 1565167921000
}
Light Color Skin
Copy
# Status: 200 OK
{
    "request_id": "be855ad1ebf74a1",
    "action": "delete",
    "status": "scheduled",
    "user_ids": ["James", "Leslie", "Jenna"],
    "user_id": "James",
    "channel_delete_option": "all",
    "created_at": 1565168151000
}

Unregister a GDPR request

Unregisters a specific GDPR request.

HTTP request

Light Color Skin
Copy
DELETE https://api-{application_id}.sendbird.com/v3/privacy/gdpr/{request_id}

Parameters

The following table lists the parameters that this action supports.

Parameters
RequiredTypeDescription

request_id

string

Specifies the unique ID of a GDPR request to unregister.

Response

If successful, this action returns an empty response body.