Data Subject Requests API

Full DSR lifecycle management โ€” create, verify, assign, track, extend, complete, or deny data subject requests. All endpoints require JWT authentication.

Request CRUD (20 endpoints)

POST /api/v1/dsr/requests ๐Ÿ”’
Create a new data subject request.

Request Body

FieldTypeRequiredDescription
typestringYesaccess, deletion, rectification, portability, opt-out, restriction
subjectNamestringYesData subject's name
subjectEmailstringYesData subject's email
descriptionstringNoRequest details
frameworkstringNoApplicable framework (e.g. gdpr, ccpa)
 
curl -X POST https://api.privabase.com/api/v1/dsr/requests \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "deletion",
    "subjectName": "Jane Doe",
    "subjectEmail": "jane@example.com",
    "framework": "gdpr"
  }'
GET /api/v1/dsr/requests ๐Ÿ”’
List all DSR requests. Supports filtering and pagination.
GET /api/v1/dsr/requests/:id ๐Ÿ”’
Get a specific DSR request with full details and history.
PUT /api/v1/dsr/requests/:id ๐Ÿ”’
Update a DSR request.
PUT /api/v1/dsr/requests/:id/status ๐Ÿ”’
Update request status directly.
DELETE /api/v1/dsr/requests/:id ๐Ÿ”’
Delete a DSR request.

Lifecycle Actions

POST /api/v1/dsr/requests/:id/verify ๐Ÿ”’
Initiate identity verification for the data subject.
POST /api/v1/dsr/requests/:id/verify/complete ๐Ÿ”’
Mark identity verification as complete.
POST /api/v1/dsr/requests/:id/assign ๐Ÿ”’
Assign a request to a team member.

Request Body

{ "assigneeId": "user-uuid" }
POST /api/v1/dsr/requests/:id/notes ๐Ÿ”’
Add an internal note to a request.

Request Body

{ "note": "Verified identity via phone call on 2026-03-13" }
POST /api/v1/dsr/requests/:id/extend ๐Ÿ”’
Extend the response deadline (e.g. GDPR allows 2-month extension for complex requests).

Request Body

{ "reason": "Complex request requiring additional data gathering", "days": 60 }
POST /api/v1/dsr/requests/:id/complete ๐Ÿ”’
Mark a request as completed.
POST /api/v1/dsr/requests/:id/deny ๐Ÿ”’
Deny a request with a reason.

Request Body

{ "reason": "Unable to verify identity after multiple attempts" }

Bulk Operations

POST /api/v1/dsr/bulk/status ๐Ÿ”’
Bulk update status for multiple requests.

Request Body

{ "requestIds": ["id1", "id2"], "status": "in-progress" }
POST /api/v1/dsr/bulk/assign ๐Ÿ”’
Bulk assign requests to a team member.

Reporting

GET /api/v1/dsr/export ๐Ÿ”’
Export DSR requests as CSV or JSON for compliance reporting.
GET /api/v1/dsr/stats ๐Ÿ”’
Get DSR statistics โ€” total, by status, by type, average response time.
GET /api/v1/dsr/overdue ๐Ÿ”’
List overdue DSR requests.
GET /api/v1/dsr/sla-report ๐Ÿ”’
Get SLA compliance report โ€” percentage of requests met within regulatory deadlines.
GET /api/v1/dsr/templates ๐Ÿ”’
Get DSR response templates for different request types and frameworks.

PrivaBase API v1.3.0 ยท privabase.com