OpenDSR API
Implements the Open DSR (formerly OpenGDPR) specification for programmatic Data Subject Request submission, status tracking, and cancellation.
Base Path
/opendsr
Authentication
All endpoints require an authenticated user session via Bearer token.
Endpoints
Discovery
GET /opendsr/discovery
Advertise supported DSR types and processor identity. Use this to discover what request types are available before submitting a request.
Response 200 OK
{
"api_version": "2.0",
"supported_subject_request_types": ["access", "erasure", "rectification"],
"processor_certificate": "https://qarion.com/privacy"
}
Create DSR Request
POST /opendsr/requests
Create a new Data Subject Request. This automatically creates a tracked ticket with DSR-specific metadata and can optionally trigger a governance workflow.
Request Body
{
"subject_request_type": "erasure",
"subject_identities": [
{
"identity_type": "email",
"identity_value": "user@example.com"
}
],
"status_callback_url": "https://your-system.com/dsr/callback"
}
| Field | Type | Required | Description |
|---|---|---|---|
subject_request_type | string | Yes | One of: access, erasure, rectification, or a custom DSR type name |
subject_identities | array | Yes | At least one identity (email recommended) |
status_callback_url | string | No | URL to receive status change webhooks |
Response 201 Created
{
"request_id": "550e8400-e29b-41d4-a716-446655440000",
"subject_request_type": "erasure",
"status": "open",
"created_at": "2026-02-27T16:00:00Z",
"updated_at": null,
"subject_identities": [
{ "identity_type": "email", "identity_value": "user@example.com" }
],
"status_callback_url": "https://your-system.com/dsr/callback"
}
Get DSR Request Status
GET /opendsr/requests/{request_id}
Retrieve the current status of a DSR request.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
request_id | UUID | The DSR request identifier |
Response 200 OK
Returns the same schema as the create response.
Error Responses
| Status | Description |
|---|---|
404 | DSR request not found |
Cancel DSR Request
DELETE /opendsr/requests/{request_id}
Cancel a pending DSR request by closing the underlying ticket.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
request_id | UUID | The DSR request to cancel |
Response 204 No Content
Error Responses
| Status | Description |
|---|---|
404 | DSR request not found |
409 | Request is already completed or closed |
Custom DSR Types
Beyond the standard access, erasure, and rectification types, Qarion supports configurable custom DSR types. Custom types can be linked to governance workflows for automated processing.
Related
- DSR Admin API — Direct data export and erasure execution endpoints
- Webhooks — Outbound event push for status updates