Integration Guide

How to integrate PrivaBase into your application. REST API only — no SDK yet. Here's what you need to know.

Base Configuration

Base URL: https://api.privabase.com/api/v1
Content-Type: application/json
Auth: Authorization: Bearer <token>  (or X-API-Key: <key>)

JavaScript / TypeScript

const PRIVABASE_URL = 'https://api.privabase.com/api/v1';
const API_KEY = process.env.PRIVABASE_API_KEY;

async function privabase(path, options = {}) {
  const res = await fetch(`${PRIVABASE_URL}${path}`, {
    headers: {
      'Content-Type': 'application/json',
      'X-API-Key': API_KEY,
      ...options.headers,
    },
    ...options,
  });
  if (!res.ok) throw new Error(`PrivaBase API error: ${res.status}`);
  return res.json();
}

// List frameworks
const frameworks = await privabase('/frameworks');

// Run a GDPR compliance check
const check = await privabase('/frameworks/gdpr/check', {
  method: 'POST',
  body: JSON.stringify({
    businessProfile: {
      collectsPersonalData: true,
      hasPrivacyPolicy: true,
      hasConsentMechanism: false,
    }
  })
});

console.log(`GDPR Score: ${check.data.overallScore}%`);
console.log(`Passed: ${check.data.passed}/${check.data.total}`);

Python

import requests
import os

BASE_URL = 'https://api.privabase.com/api/v1'
API_KEY = os.environ['PRIVABASE_API_KEY']

headers = {
    'Content-Type': 'application/json',
    'X-API-Key': API_KEY,
}

# List frameworks
frameworks = requests.get(f'{BASE_URL}/frameworks', headers=headers).json()

# Run compliance check
check = requests.post(
    f'{BASE_URL}/frameworks/ccpa/check',
    headers=headers,
    json={
        'businessProfile': {
            'collectsPersonalData': True,
            'hasPrivacyPolicy': True,
            'sellsData': False,
            'hasOptOutMechanism': True,
        }
    }
).json()

print(f"CCPA Score: {check['data']['overallScore']}%")

cURL

# Authenticate
TOKEN=$(curl -s -X POST https://api.privabase.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@company.com", "password": "pass"}' | jq -r '.data.token')

# Use the token
curl https://api.privabase.com/api/v1/frameworks \
  -H "Authorization: Bearer $TOKEN"

Common Integration Patterns

CI/CD Compliance Gate

Run compliance checks in your CI pipeline and fail the build if critical checks fail:

# .github/workflows/compliance.yml
- name: Compliance Check
  run: |
    RESULT=$(curl -s -X POST $PRIVABASE_URL/frameworks/soc2/check \
      -H "X-API-Key: ${{ secrets.PRIVABASE_KEY }}" \
      -H "Content-Type: application/json" \
      -d '{"businessProfile": ${{ env.BUSINESS_PROFILE }}}')
    
    SCORE=$(echo $RESULT | jq '.data.overallScore')
    if [ "$SCORE" -lt 80 ]; then
      echo "Compliance score $SCORE% below threshold"
      exit 1
    fi

Scheduled Monitoring

Use the Monitoring API to schedule automated checks. Get alerted when your compliance posture changes.

DSR Intake Form

Connect your public-facing DSR form to the DSR API:

// Handle DSR form submission
app.post('/privacy/request', async (req, res) => {
  const { type, name, email, description } = req.body;
  
  await privabase('/dsr/requests', {
    method: 'POST',
    body: JSON.stringify({
      type,
      subjectName: name,
      subjectEmail: email,
      description,
      framework: 'gdpr'
    })
  });

  res.json({ message: 'Your request has been received. We will respond within 30 days.' });
});

Rate Limits

Rate limit headers are included in every response:

• X-RateLimit-Limit — Requests allowed per hour
• X-RateLimit-Remaining — Requests remaining
• X-RateLimit-Reset — Unix timestamp when the limit resets

Error Handling

All errors follow a consistent format:

{
  "success": false,
  "error": "Human-readable error message"
}