API Documentation
Integrate DPDP Comply into your application with our REST API. All endpoints return JSON and use standard HTTP status codes.
Authentication
API Key — Pass your key via the x-api-key header. Used for public-facing endpoints like consent collection. Generate keys in Settings → API Keys.
Session — Authenticated via your browser session (Clerk). Used for dashboard-level endpoints that manage your organization’s data.
Consent
/api/v1/consent/collectCollect consent from a data principal. Records the consent decision along with purpose, timestamp, and metadata.
Request
{
"principal_id": "user@example.com",
"purpose_id": "pur_abc123",
"decision": "opt_in",
"metadata": {
"ip": "203.0.113.1",
"user_agent": "Mozilla/5.0..."
}
}Response
{
"id": "con_xyz789",
"principal_id": "user@example.com",
"purpose_id": "pur_abc123",
"decision": "opt_in",
"collected_at": "2025-01-15T10:30:00Z"
}/api/v1/consent/statusCheck the current consent status for a data principal across one or more purposes.
Request
Query parameters: principal_id (required) — identifier of the data principal purpose_id (optional) — filter to a specific purpose
Response
{
"principal_id": "user@example.com",
"consents": [
{
"purpose_id": "pur_abc123",
"decision": "opt_in",
"collected_at": "2025-01-15T10:30:00Z"
}
]
}/api/v1/consent/analyticsRetrieve consent analytics including opt-in rates, trends, and breakdowns by purpose.
Response
{
"total_consents": 12450,
"opt_in_rate": 0.73,
"by_purpose": [
{
"purpose_id": "pur_abc123",
"name": "Marketing emails",
"opt_in": 8200,
"opt_out": 4250
}
]
}Purposes
/api/v1/purposesList all consent purposes for your organization.
Response
[
{
"id": "pur_abc123",
"name": "Marketing emails",
"description": "Send promotional content",
"is_active": true,
"created_at": "2025-01-10T08:00:00Z"
}
]/api/v1/purposesCreate a new consent purpose.
Request
{
"name": "Marketing emails",
"description": "Send promotional content and offers"
}Response
{
"id": "pur_new456",
"name": "Marketing emails",
"description": "Send promotional content and offers",
"is_active": true,
"created_at": "2025-01-15T12:00:00Z"
}/api/v1/purposes/[id]Retrieve a single consent purpose by ID.
Response
{
"id": "pur_abc123",
"name": "Marketing emails",
"description": "Send promotional content",
"is_active": true,
"created_at": "2025-01-10T08:00:00Z"
}/api/v1/purposes/[id]Update an existing consent purpose.
Request
{
"name": "Marketing communications",
"description": "Updated description"
}Response
{
"id": "pur_abc123",
"name": "Marketing communications",
"description": "Updated description",
"is_active": true,
"updated_at": "2025-01-16T09:00:00Z"
}/api/v1/purposes/[id]Delete a consent purpose. This will deactivate it but preserve historical records.
Response
{
"id": "pur_abc123",
"deleted": true
}Notices
/api/v1/noticesList all privacy notices for your organization.
Response
[
{
"id": "ntc_abc123",
"title": "Privacy Notice v2",
"status": "published",
"version": 2,
"created_at": "2025-01-10T08:00:00Z"
}
]/api/v1/noticesCreate a new privacy notice draft.
Request
{
"title": "Privacy Notice",
"content": "...",
"language": "en"
}Response
{
"id": "ntc_new456",
"title": "Privacy Notice",
"status": "draft",
"version": 1,
"created_at": "2025-01-15T12:00:00Z"
}/api/v1/notices/[id]Retrieve a single privacy notice by ID, including its full content.
Response
{
"id": "ntc_abc123",
"title": "Privacy Notice v2",
"content": "...",
"status": "published",
"version": 2
}/api/v1/notices/[id]Update a draft privacy notice.
Request
{
"title": "Updated Privacy Notice",
"content": "..."
}Response
{
"id": "ntc_abc123",
"title": "Updated Privacy Notice",
"status": "draft",
"version": 2
}/api/v1/notices/[id]Publish a draft privacy notice, making it the active version.
Response
{
"id": "ntc_abc123",
"status": "published",
"published_at": "2025-01-16T10:00:00Z"
}/api/v1/notices/generateGenerate a privacy notice using AI based on your organization profile and selected purposes.
Request
{
"purpose_ids": ["pur_abc123", "pur_def456"],
"language": "en",
"tone": "formal"
}Response
{
"id": "ntc_gen789",
"title": "Auto-generated Privacy Notice",
"content": "...",
"status": "draft"
}/api/v1/notices/[id]/pdfExport a published privacy notice as a PDF document.
Response
Binary PDF file (application/pdf)
Data Requests
/api/v1/data-requestsList all data principal requests (access, correction, erasure, portability).
Response
[
{
"id": "dr_abc123",
"type": "erasure",
"principal_id": "user@example.com",
"status": "pending",
"created_at": "2025-01-14T15:00:00Z"
}
]/api/v1/data-requestsCreate a new data principal request.
Request
{
"type": "access",
"principal_id": "user@example.com",
"description": "User requests copy of all personal data"
}Response
{
"id": "dr_new456",
"type": "access",
"status": "pending",
"created_at": "2025-01-15T12:00:00Z"
}/api/v1/data-requests/[id]Retrieve details of a specific data request.
Response
{
"id": "dr_abc123",
"type": "erasure",
"principal_id": "user@example.com",
"status": "pending",
"description": "...",
"created_at": "2025-01-14T15:00:00Z"
}/api/v1/data-requests/[id]Update the status or details of a data request.
Request
{
"status": "completed",
"resolution_notes": "All data exported and sent"
}Response
{
"id": "dr_abc123",
"status": "completed",
"resolved_at": "2025-01-16T09:00:00Z"
}Breaches
/api/v1/breachesList all recorded data breach incidents.
Response
[
{
"id": "br_abc123",
"title": "Unauthorized access incident",
"severity": "high",
"status": "investigating",
"discovered_at": "2025-01-13T22:00:00Z"
}
]/api/v1/breachesRecord a new data breach incident.
Request
{
"title": "Unauthorized access incident",
"severity": "high",
"description": "Unauthorized access to user database detected",
"discovered_at": "2025-01-13T22:00:00Z"
}Response
{
"id": "br_new456",
"title": "Unauthorized access incident",
"severity": "high",
"status": "investigating",
"created_at": "2025-01-13T22:30:00Z"
}/api/v1/breaches/[id]Retrieve details of a specific breach incident.
Response
{
"id": "br_abc123",
"title": "Unauthorized access incident",
"severity": "high",
"status": "investigating",
"description": "...",
"timeline": []
}/api/v1/breaches/[id]Update a breach incident (status, resolution, timeline entries).
Request
{
"status": "resolved",
"resolution": "Credentials rotated, access revoked"
}Response
{
"id": "br_abc123",
"status": "resolved",
"resolved_at": "2025-01-15T08:00:00Z"
}Compliance
/api/v1/compliance/controlsRetrieve the 30-point DPDP compliance checklist with current completion status for each control.
Response
{
"total": 30,
"completed": 18,
"score": 0.6,
"controls": [
{
"id": "ctrl_01",
"title": "Consent collection mechanism",
"category": "Consent",
"status": "completed",
"evidence": "Consent widget deployed"
}
]
}Widgets
/api/v1/widgetsList all consent widget configurations.
Response
[
{
"id": "wgt_abc123",
"name": "Main website widget",
"theme": "light",
"is_active": true
}
]/api/v1/widgetsCreate a new consent widget configuration.
Request
{
"name": "Main website widget",
"theme": "light",
"purposes": ["pur_abc123"]
}Response
{
"id": "wgt_new456",
"name": "Main website widget",
"embed_code": "<script src=\"...\">"
}/api/v1/widgets/[id]Retrieve a widget configuration. Used by the embeddable widget to load its settings.
Response
{
"id": "wgt_abc123",
"name": "Main website widget",
"theme": "light",
"purposes": [
{ "id": "pur_abc123", "name": "Marketing emails" }
]
}Settings
/api/v1/settings/api-keysList all API keys for your organization (keys are partially masked).
Response
[
{
"id": "key_abc123",
"name": "Production key",
"prefix": "dpdp_***...abc",
"created_at": "2025-01-10T08:00:00Z"
}
]/api/v1/settings/api-keysCreate a new API key. The full key is only returned once at creation time.
Request
{
"name": "Production key"
}Response
{
"id": "key_new456",
"name": "Production key",
"key": "dpdp_live_abc123def456...",
"created_at": "2025-01-15T12:00:00Z"
}