LLMs.txtLLMs.txtDirectory

OneTrust

developer.onetrust.com
Developer Tools

The OneTrust Developer Portal allows you to leverage APIs and SDKs to integrate external systems seamlessly and streamline the data flow with the OneTrust platform.

llms.txt

OneTrust Developer Portal Documentation

Guides

API Reference

  • Add Attribute to Schema: Use this API to add an attribute to a specific schema. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Add Options to Attribute: Use this API to add options to an attribute. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Disable Attribute: Use this API to disable an attribute. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Enable Attribute: Use this API to enable an attribute. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Create Entity: Use this API to create a new entity record. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Delete Entity: Use this API to delete an existing entity record. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get Full Entity Details: Use this API to retrieve all the details for the specified entity record by key terms and filters. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get Basic Entity Details: Use this API to retrieve basic details for the specified entity record by key terms and filters. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get Entity: Use this API to retrieve a single entity record by its unique identifier along with the associated attributes, module name, and created date. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Modify Entity: Use this API to partially update an existing entity record. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get List of Entity Types: Use this API to retrieve a list of all entity types by key terms and filters. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get Entity Type: Use this API to retrieve the details for the specified entity type. The response will return the user who created the entity type, created date, and description. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Update Entity Workflow Stage: Use this API to update the workflow stage for the specified entity record. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Create Relationship Record between Entities: Use this API to create a new Relationship Record between entities. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Remove Relationship Record: Use this API to remove an existing Relationship Record between entities. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get Relationship Record: Use this API to retrieve the details of a specific Relationship Record between entities. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get List of Relationship Records by Entity: Use this API to retrieve a list of Relationship Records by entity. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Create Task: Use this API to create a new task for an entity. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Get Task: Use this API to retrieve a specific task on an entity. The response will include details such as the activity history, assignee, and deadline. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • Update Task: Use this API to update an existing task for an entity. > 🗒 Things to Know > > - This API only supports AI Governance entities (Models, Datasets, AI Systems, and AI Agents). > - AI Governance APIs will become available over the course of the Spring as customer tenants are upgraded to enhanced AI Governance services. No customer action is required and more detailed information will be published in upcoming release notes and product documentation.
  • CMP API Service Level Objectives
  • Creating a New Cookie Runner Script
  • Custom Scan using Worker Node APIs
  • Managing Organizations
  • Managing Users
  • Updating a User's Role & Organization
  • Integrating with Webhooks
  • Updating a Control Implementation
  • Updating Risk Details
  • Importing GDPR Transfer Impact Assessment Template into the OneTrust Application
  • Managing Policies and Notices
  • Bulk Export Demo Videos
  • Embedding the Trust Center on an existing webpage
  • API Use Cases & Best Practices
  • API Service Level Objectives
  • Enabling iFraming of a OneTrust Preference Center
  • Implementing the Collection Point with REST API
  • Introducing the V4 Data Subjects APIs
  • Retrieving Client-Side Consent Preferences using the Preferences API
  • Using Consent Groups to Alter a Data Subject's Consent Status
  • Using the Preference Center Schema to Build Multi Page Preference Centers
  • Using the Preference Center Schema to Build Original or Enhanced Preference Centers
  • V1 to V4 Migration Guide
  • Welcome to the V4 APIs: The Future of Consent and Preference Management
  • Get Data Subject's Preferences: Use this API to retrieve a list of all consent preferences for a data subject identifier. The response will include details such as the consent date, purpose preferences, and data subject's geolocation. The response will also include relevant information about data elements and last interaction date, along with the current status of consent for the purposes that the data subject has interacted with. > 🗒 Things to Know > > - This API uses a JSON Web Token (JWT) authorization token that will be passed to OneTrust servers to ensure authenticated access to a user's consent profile. This is not the OAuth 2.0 client credential or API key. This JWT authorization token is generated using the cross-device consent process. For more information, see Cross-Domain and Cross-Device Consent. > - This API does not require an intermediary server-server API call. It is optimized for client-side applications, maintaining security to make quick decisions based on data subject consent. > - The response of this API will not return updates made via the Update Data Subject's Preferences in a Preference Center API.
  • Get Banner Data: Use this API to retrieve the required interface attributes to be rendered on the Banner.
  • Log Consent: Use this API to log consent when a user interacts with a Banner or Preference Center.
  • Get Preference Center Data: Use this API to retrieve the required interface attributes to be rendered on the Preference Center.
  • Get Universal Consent Purposes: Use this API to retrieve the required interface attributes to be rendered for Universal Consent Purposes.
  • Get IAB and Google Vendors: Use this API to retrieve a list of active IAB and Google Vendors to be displayed on the Preference Center.
  • Create Consent Receipts in Bulk: Use this API when bulk importing consent receipts. This bulk endpoint optimizes performance when processing a large number of consent transactions simultaneously. > 🗒 Things to Know > > - Each collection point must first be set up in the OneTrust Platform to generate a valid JWT, which must be present in the request payload. The JWT can be found on the Integrations tab of the Collection point details screen or via the Get Collection Point Token API. > > - Response times may vary depending on the number of receipts being processed. Consider implementing appropriate timeout handling in your integration. > > - In most cases, further authorization is not required. However, additional information for setting up authenticated consent can be found here when needed. > > - OneTrust recommends including no more than 10 purposes per consent receipt, with an absolute maximum of 20 purposes. > > - The default rate limit for imports is 3k Calls/Minute and 3M Receipts/Day. > > - Please validate all inputs before sending data to a Custom API collection point. This API does not perform data type validation to ensure high performance and fast response times. However, invalid data will not be passed to the data subject.
  • Create Consent Receipts: Use this API to create consent receipts from a collection point. This API is used by all collection points and allows external applications to submit requests to store data subject consent transactions. > 🗒 Things to Know > > - Each collection point must first be set up in the OneTrust Platform to generate a valid JWT, which must be present in the request payload. The JWT can be found on the Integrations tab of the Collection point details screen within the platform or can be retrieved by calling the Get Collection Point Token API. > > - Once the test parameter is set to true, reverting it to false is not possible. However, transitioning from test=false to test=true is supported. For more information on how to remove the test flag in the OneTrust Platform, see Managing Data Subject Records. > > - In most cases, further authorization is not required. However, additional information for setting up authenticated consent can be found here when needed. > > - Please avoid passing privacy notices for regular Custom API collection points. OneTrust strongly recommends using privacyNotices only for those enabled with dynamic configuration, as they allow you to gather information about all purposes. > > - When passing the purposes parameter, the version for PrivacyNotices will be used based on the consent date. > > - OneTrust recommends including no more than 10 purposes per consent receipt, with an absolute maximum of 20 purposes. > > - Please validate all inputs before sending data to a Custom API collection point. This API does not perform data type validation to ensure high performance and fast response times. However, invalid data will not be passed to the data subject.
  • Create Identified Consent Receipts: Use this API to create consent receipts for identified data subjects using non-cookie collection points. This endpoint is designed specifically for scenarios where data subjects are identified through explicit identifiers rather than cookies. > 🗒 Things to Know > > - Each collection point must first be set up in the OneTrust Platform to generate a valid JWT, which must be present in the request payload. The JWT can be found on the Integrations tab of the Collection point details screen or via the Get Collection Point Token API. > > - When using this endpoint, you must include an identifier for the data subject, such as an email address or other unique identifier, in the request payload. > > - The identified endpoint creates a persistent record of consent for the data subject that can be managed and updated over time through the OneTrust preference center. > > - If you need to link multiple identifiers to the same data subject, use the additionalIdentifiers parameter in your request payload. > > - In most cases, further authorization is not required. However, additional information for setting up authenticated consent can be found here when needed. > > - OneTrust recommends including no more than 10 purposes per consent receipt, with an absolute maximum of 20 purposes. > > - Please validate all inputs before sending data to a Custom API collection point. This API does not perform data type validation to ensure high performance and fast response times. However, invalid data will not be passed to the data subject.
  • Categorize Cookies by Domain: Use this API to categorize cookies by cookie name and host for the specified domain. The response will return details for each cookie such as pattern (First-Party or Third-Party) and category (Functional, Strictly Necessary, Targeting, Social Media, or Performance)
  • Categorize Cookies by Domain and Cookie ID: Use this API to categorize cookies by domain and cookie ID. The response will return details for each cookie such as the pattern (First-Party or Third-Party) and the category (Functional, Strictly Necessary, Targeting, Social Media, or Performance).
  • Create Cookie: Use this API to create a new cookie.
  • Get List of Cookies by Criteria: Use this API to retrieve a list of all cookies by filter criteria. > 🗒 Things to Know > > - If any of the available languages in the OneTrust application is entered as a value for the language parameter, cookie categories, descriptions, and third-party descriptions will be translated accordingly. > - It is recommended to use the page and size parameters if the number of cookies is greater than 500.
  • Update Cookie: Use this API to update an existing cookie. > 🗒 Things to Know > > - There are two types of IDs for cookies: Cookie ID and Domain Cookie ID. The Cookies Results All Domains export can be downloaded from the Categorizations screen in the OneTrust application to select the ID for the cookieId parameter. > - For manually created cookies, only cookieName, lifespan, an host will be updated. > - Values must be passed in all the parameters within descriptionTranslations for a cookie translation to be updated.
  • Create or Update Domain Group: Use this API to create a new domain group or update an existing domain group.
  • Download Script File: Use this API to download the script files for the specified domain. The files will be downloaded within a folder in blob format. > 🗒 Things to Know > > - The domain must be in Published status. > 👍 > > For more information, see Downloading and Deploying Scripts from Local Hosting.
  • Get Script for Website: Use this API to retrieve the script for the specified website.
  • Publish Script to Website: Use this API to publish the script configuration options for the specified website. > 👍 > > For more information, see Publishing and Implementing Cookie Consent Scripts.
  • Get List of Websites: Use this API to retrieve a list of all websites in the scanner. The response will return websites in Pending and Completed status along with the corresponding domain ID, external organization ID, and last scanned date. > 🗒 Things to Know > > - It is recommended to use the page and size parameters if the number of domains is greater than 1,000.
  • Add Websites to Scan: Use this API to add a website or multiple websites to the scanner.
  • Create Application: Use this API to create a new application for scan and SDK publishing.
  • Get Branding Attributes for Application: Use this API to retrieve branding attributes for the specified application.
  • Get List of Applications: Use this API to retrieve a paginated list of applications. The search parameter can be used to optionally filter results by name.
  • Scan Application: Use this API to initiate an application scan with a file upload.
  • Update Branding Attributes for Application: Use this API to update branding attributes for the specified application.
  • Add Cookies: Use this API to add cookies.
  • Delete Cookies: Use this API to delete cookies by the specified cookie ID or filter criteria.
  • Edit Cookies: Use this API to edit existing cookies.
  • Get Categorized Cookies: Use this API to retrieve categorized cookies by domain.
  • Get List of Cookies by Criteria: Use this API to retrieve a list of cookies by the specified filter criteria.
  • Recategorize Cookies: Use this API to initiate cookie recategorization for a scan.
  • Cancel Scheduled Website Scans: Use this API to cancel scheduled scans.
  • Create or Update Domain Group: Use this API to create a new domain group or update an existing domain group.
  • Delete Domain: Use this API to delete the specified domain.
  • Get Branding Attributes for Domain: Use this API to retrieve branding attributes for the specified domain.
  • Schedule Website Scans: Use this API to schedule scans for the specified domains.
  • Update Branding Attributes for Domain: Use this API to update branding attributes for the specified domain.
  • Assign Geolocation Rule Group: Use this API to assign or unassign multiple domains and/or applications to a specified geolocation rule group. For each domain or application, set the value to true to assign or false to unassign.
  • Get Geolocation Rule Group: Use this API to retrieve detailed information for all geolocation rules within a specified geolocation rule group, including regions, consent model, cookie categories, and other attributes.
  • Get List of Geolocation Rule Groups: Use this API to retrieve a paginated list of geolocation rule groups. The search parameter can be used to optionally filter results by name.
  • Scan Websites: Use this API to start scans for the specified domains.
  • Archive Scans: Use this API to archive the specified scans.
  • Cancel Scan: Use this API to cancel a specific scan.
  • Get Scan Statuses: Use this API to retrieve the status of the specified scans.
  • Get Scan Results: Use this API to retrieve results for a specific scan, including details such as cookies, tags, forms, etc.
  • Get List of Scans by Domain: Use this API to retrieve a list of scans for a specific domain and the specified filter criteria.
  • Get List of Websites: Use this API to retrieve a list of websites in the scanner. The response will return websites in Pending and Completed status for the organization and related child organizations.
  • Get List of Added or Removed Cookies: Use this API to retrieve a list of added or removed cookies between the current and previous scan for the specified domain.
  • Get Scan Result Summary: Use this API to retrieve summary information for a scan, including counts of cookies, tags, forms, and other entities found.
  • Download Script File: Use this API to download the script files for the specified domain. The files will be downloaded within a folder in blob format. > 🗒 Things to Know > > - The domain must be in Published status. > 👍 > > For more information, see Downloading and Deploying Scripts from Local Hosting.
  • Get Script for Application: Use this API to retrieve script details for the specified application.
  • Get Script for Domain: Use this API to retrieve script details for the specified website.
  • Get Script for Website: Use this API to retrieve the script for the specified website.
  • Publish Application SDK: Use this API to publish the script configuration options for the specified application.
  • Publish Script to Website: Use this API to publish the script configuration options for the specified website. > 👍 > > For more information, see Publishing and Implementing Cookie Consent Scripts.
  • Get Template Details: Use this API to retrieve detailed information of a template, including banner setup, preference center setup and the cookie list.
  • Get List of Templates: Use this API to retrieve a paginated list of templates with their details, including template name, type, current version, and status.
  • Get Domain Data: Use this API to retrieve a list of all templates, cookie consent models, and vendor lists data for the specified domain in JSON format.
  • Get Data Subject's Preferences: > ❗️ End of Support Notification > > As of November 23, 2025, this API is now deprecated. Any customers leveraging this API are encouraged to use the Get Data Subject’s Preferences V2 API. For more information, see OneTrust API Sunsetting & Deprecation Guidelines. Use this API to retrieve a list of all consent preferences for a data subject identifier. The response will include details such as consent date, Purpose Preferences, and data subject's geolocation. The response will also include relevant information about data elements and last interaction date, along with the current status of consent for the purposes that the data subject has interacted with. > 🗒 Things to Know > > - This API uses an authorization token with public key model that reduces query response time and bypasses rate limits that are in place with the main APIs that rely on querying the main OneTrust database. > - This API does not require an intermediary server-server API call. It is optimized for client-side applications, maintaining security to make quick decisions based on data subject consent. > - The response of this API will not return updates made via the Update Data Subject's Preferences in a Preference Center API.
  • Get SDK Configuration: Use this API to retrieve a list of all templates, cookie consent models, and vendor lists data for the specified mobile or OTT application in JSON format. > 🚧 > > Before calling this API, ensure that the Mobile App data from your OneTrust tenant has been published. For more information, see Publish Changes.
  • Get List of Privacy Notices: Use this API to retrieve a list of all privacy notices. The response will include details for each privacy notice along with the corresponding privacy notice ID, created date, and last published date.
  • Get Privacy Notice Version: Use this API to retrieve a specific version of the privacy notice by the published date and time. The response will return details on the version of the privacy notice that was most recently published before the value specified in the date parameter.
  • Get List of Privacy Notice Versions: Use this API to retrieve a list of versions for a specific privacy notice.
  • Create New Collection Point Version: Use this API to create a new version of an existing Collection Point that is currently in Active status. A new version of the Collection Point will be created in Draft status while the Active version of the Collection Point will remain unchanged. > 🗒 Things to Know > > - Once the Collection Point is in Draft status, the Update Existing Collection Point API can be used to edit the Collection Point. Changes will only be visible once the new version of the Collection Point is published.
  • Get List of Collection Points: Use this API to retrieve a list of all collection points or retrieve a single collection point using the id query parameter. By default, the response will return details of all versions of a collection point with the active version listed first, but can be filtered using both the version and status query parameters. > 🗒 Things to Know > > #### Usage Guidelines > > - Server-side caching behavior: To improve performance and reduce database load, this endpoint uses server-side caching with a 1‑hour TTL. Cached entries are automatically refreshed when collection point data is updated, ensuring responses remain current. > - Pagination and response caching: This API is pageable, and a single page may include multiple collection points. As a result: > - End‑to‑end response caching is not always possible. > - When data for one collection point changes, cache eviction may require re-fetching other collection points included in the same cached page. > - Because of this, caching paginated responses is not efficient. > - To mitigate impact, caching is applied at a component level, rather than caching the entire API response payload. > > Response times may vary depending on pagination and cache state. > - Optimized Caching Use Cases: Server-side caching is designed to be most effective when retrieving a specific collection point, querying by status, or querying by version. Broad, paginated list queries may experience variable performance depending on cache state. > - Client‑Side Caching Recommendations: Collection point metadata changes infrequently, and clients are expected to implement client-side caching to ensure optimal performance: > - Cache metadata for 1–2 hours. > - Avoid calling this API per user interaction or transaction. > - Use cached metadata for downstream processing. > - Refresh cached data on expiry.
  • Create Collection Point: Use this API to create a new Collection Point. The Collection Point will be created with version 1 and Draft status. > 🗒 Things to Know > > - Data element name values support up to 750 characters. Data element types containing the word Country do not support the following characters: [<>();:'“$#}{] > - If the EnablePrimaryIdentifier parameter is set to true, then the PrimaryIdentifierType parameter will be required in the API request body. > - When creating a Web Form Collection Point, the HostedSDK parameter value will be set to true by default, regardless of the value entered in the request body. > - One of the following parameters is required in the API request body: PurposeId, PurposeIds, or PurposeIdsWithVersion. > - The PurposeId and PurposeIds parameters can be used to link an Active version of a purpose to a Collection Point. > - The PurposeIdsWithVersion parameter can be used to link specific versions of a purpose (either in Draft or Active status) to a Collection Point.
  • Update Collection Point Status: Use this API to update the status of a Collection Point. > 🗒 Things to Know > > - To disable the Collection Point, set the value query parameter to true. All versions of the Collection Point will be disabled from ingesting receipts. > - To enable the Collection Point, set the value query parameter to false. The previous status of the Collection Point will be restored. > - The following Collection Point types cannot be disabled: ADMIN_UPDATE and NOTIFICATION_OPT_OUT.
  • Update Existing Collection Point: Use this API to update an existing Collection Point. Before calling this API, ensure that the Collection Point is in Draft status. If the Collection Point is in Active status, use the Create New Collection Point Version API to create a new version of the Collection Point. > 🗒 Things to Know > > - One of the following parameters must be included in the API request body: PurposeId, PurposeIds, or PurposeIdsWithVersion. > - The PurposeId and PurposeIds parameters can be used to link an Active version of a purpose to a Collection Point. > - The PurposeIdsWithVersion parameter can be used to link specific versions of a purpose (either in Draft or Active status) to a Collection Point.
  • Get List of Collection Points: Use this API to retrieve a list of all Collection Points. The response will include relevant details for each Collection Point, including purposes, notices, data elements, and more.
  • Get Collection Point Token: Use this API to retrieve the JSON Web Token (JWT) for a given Collection Point. The JWT returned in the response can be used as the requestInformation parameter value in the Consent Receipts API in order to pass data subject consent transactions.
  • Download All Consent Attachments: Use this API to retrieve all available file references attached to a given data subject. The files will be downloaded in .zip format.
  • Download Consent Attachment: Use this API to download a specific file reference attached to a given data subject. The file will be downloaded in .zip format. > 🗒 Things to Know > > - The attachmentId parameter value corresponds to the RefId parameter value returned after uploading a file using the Upload Consent Attachment API.
  • Remove All Consent Attachments: Use this API to remove all file references attached to a given data subject.
  • Remove Consent Attachment: Use this API to remove a specific file reference attached to a given data subject. > 🗒 Things to Know > > - The attachmentId parameter value corresponds to the RefId parameter value returned after uploading a file using the Upload Attachments API.
  • Upload Consent Attachment: Use this API to upload and store files which contain written consent of data subjects' transactions. > 🗒 Things to Know > > - The size of uploaded files must be less than 4MB. > > - The following file formats are allowed: .pdf, .jpeg, .jpg, and .png. > > - The RefID parameter returned within the response body can be used to attach file references to incoming data subject consents using the Create Consent Receipts API. > > - File references can be attached to a given data subject or data subject purpose by using the attachments or PurposeAttachments parameters in the Create Consent Receipts API respectively.
  • Add Consent Groups to Parent Consent Group: Use this API to add Consent Groups as children of the specified Parent Consent Group. > 🗒 Things to Know > > - A Consent Group can only be added as a child to one Parent Consent Group. > - A Parent Consent Group can either have Consent Groups as children or data subjects as children within a given level in the hierarchy, not both. If Consent Groups are added as children to the Parent Consent Group, data subjects cannot be added to the Parent Consent Group at that given level. > - Consent Groups can support a hierarchical structure of up to 4 levels. However, once data subjects are added as children to a Parent Consent Group, no additional Consent Groups can be added to that hierarchical structure.
  • Add Data Subjects to Parent Consent Group: Use this API to add data subjects as children of the specified Parent Consent Group. > 🗒 Things to Know > > - A Parent Consent Group can either have Consent Groups as children or data subjects as children within a given level in the hierarchy, not both. If data subjects are added as children to the Parent Consent Group, Consent Groups cannot be added to the Parent Consent Group at that given level or any level below in the hierarchical structure.
  • Add Purpose Rules to Consent Group: Use this API to add Purpose Rules to a Consent Group. These rules will dictate which Purposes will be overridden with the defined Enforced Status for data subjects within the given Consent Group. > 🗒 Things to Know > > - Each Purpose in a Consent Group has its own Purpose Rule which is comprised of an Enforced Status and Effective Status. > - The Enforced Status is the Purpose Status that you want to apply for a particular Purpose. > - The Effective Status is calculated using the Priority Scores across the entire Consent Group hierarchy for each Purpose.
  • Create Consent Group: Use this API to create a new Consent Group by providing a name, description, and optional external name. > 🗒 Things to Know > > - If an external name is not defined, one will be generated automatically.
  • Remove Purpose Rule from Consent Group: Use this API to remove existing Purpose Rules from a Consent Group.
  • Remove Data Subject from Parent Consent Group: Use this API to remove a single data subject as a child of the specified Parent Consent Group. > 🗒 Things to Know > > - Only one data subject can be removed per API call.
  • Get List of Consent Groups: Use this API to retrieve a list of all Consent Groups along with details such as the Consent Group ID, associated Purpose Rules, and the list of data subjects and/or Consent Groups within its hierarchal structure.
  • Get Priority Scores for Purpose Statuses: Use this API to retrieve the Priority Scores for each Purpose Status. > 🗒 Things to Know > > - All Purpose Statuses are given a Priority Score. A Purpose Status with a lower Priority Score will be given precedence over a Purpose Status with a higher Priority Score. > - Each Purpose in a Consent Group has its own Purpose Rule which is comprised of an Enforced Status and Effective Status. > - The Enforced Status is the Purpose Status that you want to apply for a particular Purpose. > - The Effective Status is calculated using the Priority Scores across the entire Consent Group hierarchy for each Purpose. > 👍 > > For more information, see Using Consent Groups to Alter a Data Subject's Consent Status.
  • Get Consent Group: Use this API to retrieve a single Consent Group by its unique identifier along with details such as the Consent Group ID, associated Purpose Rules, and the list of data subjects and/or Consent Groups within its hierarchal structure.
  • Remove Consent Groups from Parent Consent Group: Use this API to remove Consent Groups as children of the specified Parent Consent Group. > 🗒 Things to Know > > - Multiple Consent Groups can be removed within the same API call by specifying the list of child Consent Group IDs.
  • Update Priority Scores for Purpose Statuses: Use this API to update the current Priority Score values for the Purpose Statuses. Priority Scores across the entire Consent Group hierarchy are used to calculate the Effective Status of a Purpose. > 🗒 Things to Know > > - All Purpose Statuses are given a Priority Score. A Purpose Status with a lower Priority Score will be given precedence over a Purpose Status with a higher Priority Score. Any new Purpose Statuses will automatically be given a higher priority score by default. > - When calculating the Effective Status of any Purpose in a Consent Group: > - If there is no Parent Consent Group, the Effective Status becomes the same as the Enforced Status. > - If there is a Parent Consent Group, the Effective Status would be calculated by comparing the Priority Score of the Enforced Status of the Purpose at that hierarchy level with the Priority Score of the Effective Status of the Purpose in the Parent level and applying the status associated with the lower Priority Score. > 👍 > > For more information, see Using Consent Groups to Alter a Data Subject's Consent Status.
  • Update Consent Group Purpose Rule: Use this API to update existing Purpose Rules within a Consent Group.
  • Delete Cross Device Consents and Receipts: Use this API to delete cross device consents and the related receipts. This API is designed for users with a CRO license. However, users with both UCPM and CRO licenses, can use the Delete Data Subjects API to delete CRO data subject identifiers. > 🗒 Things to Know > > - A maximum of 1000 data subject identifiers can be deleted per request. > - Requests will be processed asynchronously.
  • Create Custom Index: Use this API to trigger the creation of a custom search index for data elements. The response will include the runId that can be used to query the current creation status using the Get Index Creation Status API. > 🗒 Things to Know > > - Each account is limited to only one custom search index.
  • Get Index Creation Status: Use this API to retrieve the current creation status of the custom search index. The response will include details such as the current status, start and end time, and error details if applicable.
  • Create Data Subject Group: Use this API to create a new Data Subject Group. > 🗒 Things to Know > > - Data Subject Groups must contain at least one primary data subject identifier and two data subjects.
  • Get List of Data Subject Groups: Use this API to retrieve a list of Data Subject Groups.
  • Get List of Data Subject Group Members: Use this API to retrieve a list of all members of a data subject group.
  • Get List of Data Subject Group Associations by Data Subject: Use this API to retrieve details about a data subject's associations with Data Subject Groups. > 🗒 Things to Know > > - If the linkedIdentityGroupId parameter is passed, the response will include details for the data subject's association with the specified Data Subject Group. If not passed, the response will include details for the data subject's associations with all Data Subject Groups in which the data subject is a member.
  • Update Data Subject Group: Use this API to update an existing Data Subject Group. > 🗒 Things to Know > > - Data Subject Groups must contain at least one primary data subject identifier and two data subjects. > - To update the Data Subject Group name, use the groupName parameter and enter a new name different from the one already in use.
  • Create Data Subject Group: Use this API to create a new Data Subject Group. > 🗒 Things to Know > > - Data Subject Groups must contain at least one primary data subject identifier and two data subjects.
  • Delete Data Subject Group: Use this API to delete an existing Data Subject Group.
  • Get List of Data Subject Groups: Use this API to retrieve a list of all Data Subject Groups. The response will include the Data Subject Group ID, number of data subjects, and details of the primary data subjects in the group.
  • Get Data Subject Group: Use this API to retrieve a single Data Subject Group by its unique identifier along with details such as the Data Subject Group ID and the list of data subjects within its group.
  • Update Data Subject Group: Use this API to update an existing Data Subject Group. > 🗒 Things to Know > > - Data Subject Groups must contain at least one primary data subject identifier and two data subjects. > - To update the Data Subject Group name, use the groupName parameter and enter a new name different from the one already in use.
  • Delete Purposes from Data Subject: Use this API to delete up to 100 purposes from one data subject or to delete one purpose from up to 100 data subjects. > 🗒 Things to Know > > - By default, related data subject transactions will be removed from the database and will no longer appear in the OneTrust Platform UI after calling this API. However, the transactions can still be retrieved using the Get List of Receipts API. To maintain data subject transactions in the database and OneTrust Platform UI, set the retainTransactions parameter to true.
  • Delete Data Subjects: Use this API to delete data subjects. Deleting data subjects is a permanent action that should be exercised with caution. > 🗒 Things to Know > > - Data subjects can be deleted using any of the following values at a time: > - List of Identifiers > - List of Data Subject Identifier GUIDs > - Date range between fromCreatedDate and toCreatedDate (the timespan must be 24 hours or less). > - Date range between fromInteractionDate and toInteractionDate (the timespan must be 24 hours or less). > - When filtering by date range, created date and interaction date should be used separately. They should not be used at the same time. > - Up to 999 data subject identifiers can be deleted per API call. > - If a new data subject has to be deleted, it is recommended to wait at least 24 hours after its creation to ensure that all the data has been properly stored and synchronized before removal. > - Requests will be processed asynchronously and can be monitored in the View Activity option in the Data Subject list view within the OneTrust Platform. If multiple calls are required, wait until each request processes before making another call. > - By default, related data subject receipts and transactions will be removed from the database and will no longer appear in the OneTrust Platform UI after calling this API. However, the receipts and transactions can still be retrieved using the Get List of Receipts API. To maintain data subject receipts and transactions in the database and OneTrust Platform UI, set the retainReceiptsTransactions parameter to true. > 👍 > > The Enable Data Subject Deletion setting must be enabled within Global Settings in the OneTrust application in order to use this API. For more information, see Deleting Data Subject Records.
  • Delete Purpose from Data Subjects: Use this API for large scale deletion of a specific purpose from all data subjects. > 🗒 Things to Know > > - A data subject exclusion list is required to provide the specific data subjects from which the purpose should not be deleted. The Consent DS Exclusion import template within Global Settings in the OneTrust Platform can be used to create the data subject exclusion list and can be imported via Bulk Import in the application or via API. > - Once the data subject exclusion list has been successfully imported, either an importID or jobGuid parameter value must be specified in the request body. > - Data subject exclusion lists are valid during the next 30 days after submission. > - To override the data subject exclusion list requirement, set the deletePurposeFromAllDataSubjects parameter value to true. By default, this parameter is set to false. > - By default, related data subject transactions will be removed from the database and will no longer appear in the OneTrust Platform UI after calling this API. However, the transactions can still be retrieved using the Get List of Receipts API. To maintain data subject transactions in the database and OneTrust Platform UI, set the retainTransactions parameter to true.
  • Get List of Data Subjects: Use this API to retrieve a list of all data subjects. The response will include details for each data subject such as the associated data elements, data subject ID, and data subject identifier. By default, the response will return data subject details sorted in descending order of last modified date. > 🗒 Things to Know > > - This API is not designed to be used in synchronous workflows. As an alternative, the Gets preferences for a Data Subject API can be called. > 🚧 > > Please note that the FTC Do Not Call List is updated once daily and not updated in real time. As such, there may be a possibility that a consumer's preferences may have changed and they may have opted out of receiving communication before the Do Not Call list gets refreshed. OneTrust is merely conveying information received from the FTC and is not responsible for compiling the lists.
  • Search Data Subjects: Use this API to search for data subjects based on various criteria. The response will include details for each matching data subject such as the associated data elements, data subject ID, and data subject identifier. > 🗒 Things to Know > > - This API supports complex search criteria including filtering by data elements, purposes, and consent status. > - For large result sets, use pagination to retrieve data in manageable chunks. > - The response can be customized using the properties parameter to include or exclude certain data. > 🚧 > > Please note that the FTC Do Not Call List is updated once daily and not updated in real time. As such, there may be a possibility that a consumer's preferences may have changed and they may have opted out of receiving communication before the Do Not Call list gets refreshed. OneTrust is merely conveying information received from the FTC and is not responsible for compiling the lists.
  • Get List of Data Subjects: > ❗️ Migration Recommendation > > Please, do not adopt this API if you have not already done so. Continue to use the Get List of Data Subjects V1 API or request access to have Data Subjects V4 APIs enabled. Use this API to retrieve a list of all data subjects. Depending on the query or header parameter values passed in the request, the response will return specific details about data subjects, including relevant information about the latest Collection Point update. > 🗒 Things to Know > > - This API can also be used to retrieve the magic link token as linkToken in the response. > > - The identifier header parameter can be used to return information for a single data subject. > > - This API is designed to remain available during maintenance periods. > > - This API is not designed to be used in workflows.
  • Get Data Subject: > ❗️ Migration Recommendation > > Please, do not adopt this API if you have not already done so. Continue to use the Get List of Data Subjects V1 API or request access to have Data Subjects V4 APIs enabled. Use this API to retrieve a single data subject using the identifer header parameter. > 🗒 Things to Know > > - This API can also be used to retrieve the magic link token as linkToken in the response. > - This API will remain available during maintenance periods. > - This API is not designed to be used in workflows.
  • Delete Data Subject : Initiates a TTL-based deletion process for a data subject
  • Delete Purposes from Data Subjects: Initiates TTL-based deletion of specific purposes from data subjects
  • Get List of All Purpose Details by Data Subject: Use this API to retrieve a data subject’s purpose details for all purposes. The response will include all purposes that the data subject interacted with along with details such as status, last transaction date, consent date, and purpose preferences.
  • Get Data Subject: Use this API to retrieve a data subject’s basic details. The response will include details such as the data subject’s created date, last transaction date, and data elements.
  • Get Data Subject Details: Use this API to retrieve complete details for a specific data subject. The response will include all of the data subject’s basic details, purpose details, and email link tokens.
  • Get Optimized List of All Purpose Details for All Data Subjects: Use this optimized for high-performance API to retrieve an unsorted list of purpose details last updated between the specified date range for all data subjects. > 🗒 Things to Know > > - The maximum date range that can be returned is 7 days. > - Results are not returned in a specific order and may appear random. > - Supports bookmarking for consistent pagination. > - Optimized for high-performance bulk retrieval where sorting is not required. > - Has more flexible rate limits compared to the standard Get List of All Purpose Details for All Data Subjects API.
  • Get List of All Purpose Details for All Data Subjects: Use this API to retrieve a list of all purpose details last updated between a specified date range for all data subjects. > 🗒 Things to Know > > - The maximum date range that can be returned is 7 days.
  • Get Purpose Details by Data Subject: Use this API to retrieve a data subject’s purpose details for a specific purpose. The response will include details such as the last transaction date, consent date, and purpose preferences.
  • Get Optimized List of Data Subjects: Use this optimized for high-performance API to retrieve a list of unsorted data subjects that were last updated between the specified date range. The response includes key details such as each data subject’s identifier, created date, data elements, and last updated date. > 🗒 Things to Know > > - The maximum date range that can be returned is 7 days. > - Results are not returned in a specific order and may appear random. > - Supports bookmarking for consistent pagination. > - Optimized for high-performance bulk retrieval where sorting is not required. > - Has more flexible rate limits compared to the standard Get List of Data Subjects API.
  • Get List of Data Subjects: Use this API to retrieve a list of data subjects that were last updated between the specified date range. The response will include basic details, such as each data subject’s identifier, created date, data elements, and last updated date. > 🗒 Things to Know > > - The maximum date range that can be returned is 7 days.
  • Search Data Subjects by Data Element: Use this API to search for data subjects based on a specific data element name and value. > 🗒 Things to Know > > - This API supports pagination with continuation tokens for large result sets.
  • Update Data Subject's Data Elements: Use this API to create a new data subject or update an existing data subject. The data subject will be created or updated with the details provided in the request body. > 🗒 Things to Know > > - The data subject primary identifier cannot be updated. However, additional identifiers can be added, updated, or deleted: > - To add or update an additional identifier for a given data subject, set the linked parameter value to true and include a list of the additional identifiers within the value parameter. > - To remove an additional identifier from a given data subject, set the linked parameter value to true and leave the value parameter empty. Removed identifiers will remain associated with the data subject as data elements. > - This API is not designed to be used in synchronous workflows and will not trigger integr

… [truncated — open the raw llms.txt above for the full file]

Related
Vercel AI SDK

The AI Toolkit for TypeScript, from the creators of Next.js.

/llms.txt
136,985 tokens
Developer Tools
Mintlify

Meet the modern standard for public facing documentation. Beautiful out of the box, easy to maintain, and optimized for user engagement.

/llms.txt
5,436 tokens
/llms-full.txt
181,290 tokens
Developer Tools
Svelte

Web development for the rest of us.

/llms.txt
602 tokens
/llms-full.txt
453,623 tokens
Developer Tools
Pinecone

Search through billions of items for similar matches to any object, in milliseconds. It’s the next generation of search, an API call away.

/llms.txt
15,715 tokens
/llms-full.txt
588,629 tokens
Developer Tools
Trigger.dev

Build and deploy reliable background jobs with no timeouts and no infrastructure to manage.

/llms.txt
12,202 tokens
/llms-full.txt
387,586 tokens
Developer Tools
Turso

Get the simple developer experience of SQLite in production, and scale your multi-tenant backend with unlimited databases.

/llms.txt
10,006 tokens
/llms-full.txt
163,317 tokens
Developer Tools
Upstash

Upstash is a serverless data platform providing low latency and high scalability for real-time applications.

/llms.txt
52,307 tokens
/llms-full.txt
1,200,134 tokens
Developer Tools
Envoyer

One-click deployments built for teams, tuned for Laravel, loaded with tools and goodies you're going to love.

/llms.txt
565 tokens
/llms-full.txt
11,330 tokens
Developer Tools