Update a data subject request

PUT https://api.consentgrid.io/v1/dsr/requests/{id}?by.type=userType&by.id=userId
Authorization: Bearer apiKey

Update a data subject request.

PUT https://api.consentgrid.io/v1/dsr/my/{acct}/requests/{id}
cookie cgs_{accountURL}: session

Update a data subject request for the current data subject.

The request body contains the definition of the request. Omitted fields are not updated:

{
  "id": "item id",
  "typeId": DSR type id
  "labels": ["label1", "label2",...],
  "status": "draft",
  "owner": {
    "type": "user",
    "id": "userId"
  },
  "data": {
    Fields defined for this DSR type
  },
  "metadata": {
    "key": "value",...
  },
  "dueDate": "2020-01-20T00:00:00Z",  
  "attachments": {
    "fieldName": [
      {
        "fileName": "file.png",
        "contentType": "image/png",
        "data": "base64 data"
      }
    ]
   }
}

The id, if given, must match the id in the URL.

The typeId can be changed only if the existing request is in draft status. All additional fields and attachments defined for that type should be given under the data and attachments fields.

Data subject id is given in owner object. If the API is called with a session cookie or a session token, the data subject id is set from the session. The data subject must be created before this call. Owner can only be changed for draft requests.

Attachments for the DSR item can be given as Base64 encoded strings under the attachments, or they can be added later using upload attachment API calls.

If the status is draft, it can be changed to submitted only if all required fields and attachments are provided. It can also be changed to canceled.

If the API is called using a session cookie or session token, the status can only be changed to submitted or canceled.

Response

200 Ok

The response is the request update status object.

{
  "result": {
    "id": "request id",
    "status": "draft", or submitted
    "ok": true,
    "fieldErrors": {
      "field1": "error1",
      ...
    },
    "attachmentErrors": {
      "attachment1": "error1",
     ...
    },
    "error": "error msg"
}

If there are no errors, ok will be true. Otherwise the error messages will describe what the error is. Field-specific or attachment-specific errors messages may be present if fields do not pass validation tests.

400 Bad Request

Malformed request, invalid value, etc. The return value is a JSON error object containing diagnostic information.

403 Forbidden

The authenticated key does not have the privileges for this operation. The return value is a JSON error object containing diagnostic information.