API Get Privacy Data

Server-Side API endpoint to fetch Privacy Data

This endpoint fetches the underlying Privacy Data from an account that has granted consent for your dApp to access.

API endpoint to get PII data that has been granted to your dApp

GET https://int.quadrata.com/api/v1/privacy/data/${account}

Path Parameters

Name	Type	Description
account*		User's wallet address

Query Parameters

Name	Type	Description
scopes	List[String]	Sparse privacy scopes to fetch ?scopes=FN,EM If not provided, all granted scopes will be returned.

Headers

Name	Type	Description
Authorization*		Basic ${base64(apiKey)}
Date*	String	Date and time of current request Wed, 04 Oct 2023 02:39:37 GMT
X-Access-Token*	String	Privacy Access token Get Privacy Access Token
Signature*	String	API Signed Request Signature

200: OK User PII Data

{
  "data": {
    "attributes": {
      "ADR": {
        "value": "address city state zip country"
      },
      "DOB": {
        "value": "1985-02-28"
      },
      "EM": {
        "value": "user@email.com"
      },
      "FN": {
        "value": "FirstName"
      },
      "G": {
        "value": "123-gov-id"
      },
      "GC": {
        "value": "class"
      },
      "GE": {
        "value": "2031-05-15"
      },
      "GI": {
        "value": "2022-02-13"
      },
      "GIS": {
        "value": "CA"
      },
      "GP": {
        "value": {
          "backPhoto": {
            "byteSize": 248197,
            "filename": "photo1.jpg",
            "url": "https://..."
          },
          "frontPhoto": {
            "byteSize": 2005573,
            "filename": "photo2.jpg",
            "url": "https://..."
          }
        }
     },
      "LN": {
        "value": "LastName"
      },
      "MN": {
        "value": "MiddleName"
      },
    },
    "type": "privacy.data"
  }
}

400: Bad Request Invalid Request Payload

401: Unauthorized Invalid Signature, API_KEY, or Access Token

403: Forbidden Privacy Consent Not Available

In order to authenticate properly with this endpoint, you must first request a Privacy Access Token.

Privacy Access Tokens are one time use tokens. Attempting to reuse an access token will return a 401 Unauthorized response.

Example With Access Token

NodeJS

const buffer = require('buffer');

const privateKeyDer = '...';

// You can find `getPrivateKeyFromDer` in "How to sign API"."Full Example" page
const privateKey = await getPrivateKeyFromDer(privateKeyDer);

const walletAddress = '...';

// You can find `makeRequest` in "How to sign API"."Full Example" page
const accessResponse = await makeRequest({
    method: 'get',
    privateKey: privateKey,
    path: `/api/v1/privacy/access/${walletAddress}`
});
const { data: { authToken, accessToken } } = accessResponse;

const xAccessToken = Buffer
    .from(`${authToken}:${accessToken}`)
    .toString('base64');

const walletAddress = '...';

const json = await makeRequest({
    method: 'get',
    privateKey: privateKey,
    queryString: 'scopes=FN,EM',  // sparse scopes (optional)
    path: `/api/v1/privacy/data/${walletAddress}`,
    extraHeaders: {
        'X-Access-Token': xAccessToken
    }
});

console.log(json.data.attributes);

Python

"""
NOTE: you can find make_request in the full example located in the 
      API Signed Requests documentation page
"""

import base64
import json

wallet_address = '...'

# You can find `make_request` in "How to sign API"."Full Example" page
access_response = make_request(f'/api/v1/privacy/access/{wallet_address}')

auth_token = access_response['data']['authToken']
access_token = access_response['data']['accessToken']

x_access_token = base64.b64encode(
    f'{auth_token}:{access_token}'.encode('utf-8')
).decode('utf-8')

pii_response = make_request(
    query_string='scopes=FN,EM',  # sparse scopes (optional)
    path=f'/api/v1/privacy/data/{wallet_address}',
    extra_headers={
        'X-Access-Token': x_access_token
    }
)

print(json.dumps(pii_response, indent=2))

See How to sign API for message signing examples with more coverage and explanations.