Export and Delete User Data
As part of compliance with GDPR and CCPA regulations, users need to be able to request the information that has been collected about them. OpenWeb enables you to provide this information in response to a user's request.
Required items
Item | Locating the value |
---|---|
OpenWeb Spot ID (Required only for user data exports) | 1. Log into your Admin Dashboard. 2. Copy your Spot ID from the URL: https://admin.spot.im/spot/{SPOT_ID}/... |
Export v2 API key (Required only for user data exports) | 1. From your OpenWeb Admin Dashboard, click Settings. 2. Under Authentication Tokens, copy the Export v2 API key. |
SSO access token | Request this from your OpenWeb PSM |
Export user data
- Make a
GET /v1/user/{primary_key}
call which includes your SSO access token in the request header. Theprimary_key
is the unique user ID generated by your backend user management system. Making this call enables you to obtain the user's OpenWeb user ID.
This must be a backend-to-backend call to maintain the security of your access token.
Within the API response,user.spotim_user_id
is the OpenWeb user ID.
GET https://www.spot.im/api/sso/v1/user/:primary_key
Header: x-spotim-sso-access-token: ACCESS_TOKEN
{
"success": true,
"user": {
...
"spotim_user_id": "USER_ID",
...
}
}
- Make a
POST /gdpr/export
call with your Spot ID, Export V2 API key, and OpenWeb user ID. ThePOST
call returns the export ID.
POST https://open-api.spot.im/gdpr/export
{
"access_token": "1234567890",
"spot_id": "sp_123",
"user_id": "u_123"
}
Get user data export status
-
Follow the steps in the Export user data section to obtain the OpenWeb user ID and export ID.
-
Make a
GET /gdpr/export/status/{ID}?access_token={TOKEN}&spot_id={SPOT_ID}
request. Be sure to replace the following placeholders:{ID}
: Replace with the export ID{SPOT_ID}
: Replace with your Spot ID{TOKEN}
: Replace with the Export V2 API key.
This
GET
call returns the status.
GET https://open-api.spot.im/gdpr/export/status/{ID}?access_token={TOKEN}&spot_id={SPOT_ID}
{
"status": "pending"
}
{
"status": "completed",
"link": "{download_link}"
}
{
"status": "failed"
}
Export Files
When the export completes ("status":"completed"
), the response includes a link
to a .zip file with the user's data. The .zip file includes the following JSON files:
dislikes.json: Single array of all disliked comments by the user
[
"MESSAGE_ID4",
"MESSAGE_ID5",
"MESSAGE_ID6"
]
likes.json: Single array of all liked comments by the user
[
"MESSAGE_ID",
"MESSAGE_ID2",
"MESSAGE_ID3"
]
messages.json: All of the user's message metadata
[
{
"manually_resolved":null,
"author_id":"OW_USER_ID",
"moderator_id":"OW_USER_ID",
"spot_id":"SPOT_ID",
"state":"approved",
"parent_comment_id":"COMMENT_ID",
"conversation_id":"CONVERSATION_ID",
"published":true,
"conv_message_id":"MESSAGE_ID",
"written_at":1669567812,
"content":[
{
"id":"CONTENT_ID",
"text":"MESSAGE",
"type":"text"
}
],
"stars":null,
"metadata":{},
"tags":null,
"tags_metadata":null,
"type":"reply",
"never_hard_delete":null,
"additional_data":{"labels":{}},
"anonymous_user_id":null,
"anonymous_user_name":null,
"anonymous_image_id":null,
"ip":"USER_IP_ADDRESS",
"edited":null,
"token":null,
"id":"MESSAGE_ID"
}
]
profile.json: User's profile metadata and roles
{
"user_id":"OPEN_USER_ID",
"registered":true,
"social_ids":[],
"sso":null,
"roles":[
{"role":"owner","stage":"SPOT_ID"},
{"role":"moderator","stage":"SPOT_ID"},
{"role":"team-member","stage":"SPOT_ID"},
{"role":"registered","stage":"system"}
],
"basic":{
"user_name":"USER_NAME",
"display_name":"DISPLAY_NAME",
"image_id":null,
"gender":null,
"birthday":"BIRTHDATE",
"about":null,
"location":null,
"email":"EMAIL",
"email_verified":true
}
}
The .zip file link will only be available for 60 days.
Delete user data
When requested by a user, you must delete the user’s OpenWeb account to remain compliant with GDPR and CCPA regulations.
- Make a GET /v1/user/{primary_key} call which includes your SSO access token in the request header. The
primary_key
is the unique user ID generated by your backend user management system. Making this call enables you to obtain the user's OpenWeb user ID.
This must be a backend-to-backend call to maintain the security of your access token.
Within the API response,user.spotim_user_id
is the OpenWeb user ID.
GET https://www.spot.im/api/sso/v1/user/{primary_key}
Header: x-spotim-sso-access-token: ACCESS_TOKEN
{
"success": true,
"user": {
...
"spotim_user_id": "USER_ID",
...
}
}
- Make a
DELETE /v1/user/{primary_key}
call which includes your SSO access token in the request header.
DELETE https://www.spot.im/api/sso/v1/user/{primary_key}
Header: x-spotim-sso-access-token: ACCESS_TOKEN
Once the user has been deleted, comments by the deleted user remain and are linked to a random guest user.
Updated 3 months ago