The LiveIntent Privacy Management API is a programmatic interface enabling submission of data privacy requests to keep you compliant with privacy regulations, such as the the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), that provide rights to individuals by giving them control over the collection, processing, use, and deletion of their personal data.
If you are a partner of LiveIntent and your business operates within a jurisdiction covered by CCPA or GDPR, the LiveIntent Privacy Management API will help you implement privacy compliance into your workflows. The Privacy Management API lets you integrate with LiveIntent and submit the following data subject requests through the API:
The Privacy Management API utilizes access tokens for request authentication. These access tokens grant you the necessary privileges to access the privacy API endpoints, allowing LiveIntent to identify the sender of a request and verify their access rights.
To get an access token, contact your account team at LiveIntent. Then use the provided access token as a bearer token in the Authorization header when sending request to any of the endpoints.
You can interact with the LiveIntent Privacy API as a partner, depending on the user categories you belong to on the LiveIntent ad exchange platform.
These user account categories are considered types of Account in the LiveIntent ad exchange platform. If you are new to LiveIntent and would like to learn more, please contact your account manager. If you need help setting up an appropriate partner account for your business, email our support team at support@liveintent.com.
For internal use only. This endpoint redirects to the report download URL using the signed URL parameters.
| transactionId required | string |
| expiresAt required | string Expiration timestamp for the signed URL |
| signature required | string Signature for URL validation |
nullThis endpoint lets you submit RESTRICT, ERASURE, and ACCESS requests.
To access any of the resources, get the access_token as described in the Authentication section, then call this endpoint by specifying an action. The submission of ACCESS requests is for internal use only. A request is considered valid if emailhashes set is not empty OR liveIntentFpcs set is not empty. If both emailHashes and liveItentFpcs are not empty, then the values are all considered as applied to the same, single data subject.
| jurisdiction | string or null The scope of the request. Either |
null or SimpleDsrScope (any) | |
| liveIntentFpcs | Array of strings unique Default: [] An array of the liveIntent first party cookies (DUIDs). If not set, this field defaults to the value of the default annotation. |
| callback | string or null For internal use only. Callback url that should be invoked when ACCESS request processing has been completed. |
| emailHashes | Array of strings unique Default: [] An array of email hashes. If not set, this field defaults to the value of the default annotation. |
| submitter | string or null Optional freeform string that may be used to describe the request submission. This value is simply logged with the request and no additional processing is applied. |
| action required | string (DsrAction) Enum: "RESTRICT" "ERASURE" "ACCESS" |
{- "jurisdiction": "string",
- "scope": { },
- "liveIntentFpcs": [ ],
- "callback": "string",
- "emailHashes": [ ],
- "submitter": "string",
- "action": "RESTRICT"
}{- "transactionId": "string"
}This endpoint lets you submit RESTRICT, ERASURE, and ACCESS requests for testing.
The correctness of submitted requests will be verified and the authority of the access_token to submit the type of request will be checked,
but the requests will not be persisted. Submitted requests will have no effect on privacy related settings of the submitted hashes and will not lead to a report generation in case of _ACCESS_ action.
Responses will consist of randomly generated data.
To access any of the resources, get the access_token as described in the Authentication section, then call this endpoint by specifying an action. A request is considered valid if emailhashes set is not empty OR liveIntentFpcs set is not empty. If both emailHashes and liveItentFpcs are not empty, then the values are all considered as applied to the same, single data subject.
| jurisdiction | string or null The scope of the request. Either |
null or SimpleDsrScope (any) | |
| liveIntentFpcs | Array of strings unique Default: [] An array of the liveIntent first party cookies (DUIDs). If not set, this field defaults to the value of the default annotation. |
| callback | string or null For internal use only. Callback url that should be invoked when ACCESS request processing has been completed. |
| emailHashes | Array of strings unique Default: [] An array of email hashes. If not set, this field defaults to the value of the default annotation. |
| submitter | string or null Optional freeform string that may be used to describe the request submission. This value is simply logged with the request and no additional processing is applied. |
| action required | string (DsrAction) Enum: "RESTRICT" "ERASURE" "ACCESS" |
{- "jurisdiction": "string",
- "scope": { },
- "liveIntentFpcs": [ ],
- "callback": "string",
- "emailHashes": [ ],
- "submitter": "string",
- "action": "RESTRICT"
}{- "transactionId": "string"
}For internal use only. This endpoint lets you download a report that you have already requested with the ACCESS request by providing the transactionId.
| transactionId required | string |
{- "jurisdiction": "string",
- "scope": {
- "Advertiser": {
- "id": 0
}
}, - "downloadUrl": "string",
- "callback": "string",
- "status": "string",
- "submitter": "string",
- "userId": 0,
- "action": "RESTRICT",
- "transactionId": "string",
- "emailHashes": [
- "string"
], - "createdAt": "string"
}For internal use only. This endpoint lets you search for previously submitted Data Subject Requests.
| emailHashes required | Array of strings non-empty unique |
{- "emailHashes": [
- "string"
]
}{- "results": [
- {
- "jurisdiction": "string",
- "scope": {
- "Advertiser": {
- "id": 0
}
}, - "liveIntentFpcs": [
- "string"
], - "callback": "string",
- "status": "string",
- "submitter": "string",
- "userId": 0,
- "action": "RESTRICT",
- "transactionId": "string",
- "emailHashes": [
- "string"
], - "createdAt": "string"
}
]
}Legacy endpoints for backward compatibility. These endpoints are deprecated and should not be used for new integrations.
Legacy endpoint for submitting data subject requests via POST body. Returns JSON response with transaction reference. The scope is read from the JWT's dsr.scope field (EU_PRIVACY or US_PRIVACY) and routes to the appropriate firehose (gdpr or ccpa).
| jwt required | string |
{- "jwt": "string"
}{- "reference": "string",
- "read": 0,
- "imported": 0
}Legacy endpoint for submitting data subject requests via query parameter. Returns a 1x1 transparent GIF. The scope is read from the JWT's dsr.scope field and routes to the appropriate firehose (gdpr or ccpa).
| dataSubjectRequest required | string JWT-encoded data subject request. The JWT contains a |
nullLegacy endpoint for submitting data subject requests via query parameter. Returns a 1x1 transparent GIF. The scope is read from the JWT's dsr.scope field and routes to the appropriate firehose (gdpr or ccpa).
| dsr required | string JWT-encoded data subject request. The JWT contains a |
null