Skip to main content
The DSAR API handles data subject access requests for GDPR, CCPA, and other privacy regulations. Requests are processed asynchronously via a background job queue. Admin only.

GET /api/v1/dsar

List DSAR requests for the tenant.

Query Parameters

ParameterTypeRequiredDescription
statusstringNoFilter by status: queued, processing, completed, failed
limitnumberNoMax results (default: 50, max: 200)

Response

{
  "requests": [
    {
      "id": "clx...",
      "tenantId": "my-tenant",
      "requestType": "export",
      "subjectId": "C-1234",
      "subjectType": "customer_id",
      "requestedBy": "admin@example.com",
      "status": "completed",
      "requestedAt": "2026-03-18T10:00:00.000Z",
      "completedAt": "2026-03-18T10:02:30.000Z"
    }
  ],
  "count": 1
}

POST /api/v1/dsar

Create and enqueue a DSAR request. Returns 202 Accepted — the request is processed asynchronously. Rate limited to 10 requests/min. Admin only.

Request Body

FieldTypeRequiredDescription
requestTypestringYesRequest type: export or delete
subjectIdstringYesCustomer ID or email of the data subject
subjectTypestringNoIdentifier type: customer_id or email (default: customer_id)

Example

curl -X POST https://playground.kaireonai.com/api/v1/dsar \
  -H "Content-Type: application/json" \
  -H "X-Tenant-Id: my-tenant" \
  -H "X-User-Role: admin" \
  -d '{
    "requestType": "delete",
    "subjectId": "C-1234",
    "subjectType": "customer_id"
  }'

Response (202)

{
  "requestId": "clx...",
  "status": "queued"
}
Poll GET /api/v1/dsar?status=completed to check when the request finishes processing.