Domains / Security and Compliance/ API Endpoint

Privacy Request Submit

REST endpoint for submitting GDPR and CCPA data subject rights requests (access, erasure, portability) and tracking their status.

API Endpoint Application active

POST /privacy/requests accepts the request type (erasure, access, portability), subject identity, and verification token. The endpoint validates the subject's identity against the IdP before creating a Data Subject Request Aggregate and starting the orchestration workflow.

Relationships

Composes outgoing 1
Target Element Element Type
Privacy Rights API Software Subsystem
Part of incoming 1
Source Element Element Type
Privacy Rights API Software Subsystem
Realized by incoming 1
Source Element Element Type
Privacy Rights API API Contract
Served by incoming 2
Source Element Element Type
Data Erasure Completed Domain Event
Privacy Request Received Domain Event

Architecture Context

Diagrams

Not yet referenced in any diagram

Properties

Type API Endpoint
Layer Application
Domain Security and Compliance
Status active
Owner Security Team

Additional Metadata

Api Catalog Id EP-SEC-005
Protocol REST
Auth Method OAuth2
Publishes Domain Events Data Erasure Completed
Archimate Type application-interface
Ddd Type Application Service
Togaf Type Information System Service

Meta Model

Business
Organization
Application current
Technology

Actions