Hasura Actions Index¶
This page documents every Hasura action registered in the Dxtra platform. All actions route through the DXTRA_CONDUIT_URL handler (dx-conduit service) and are authenticated via nhost-webhook-secret.
Actions are GraphQL mutations (or queries) that extend the Hasura schema. They forward requests to dx-conduit REST endpoints, which execute the business logic.
How Actions Work¶
sequenceDiagram
participant Client
participant Hasura
participant Conduit as dx-conduit
Client->>Hasura: GraphQL mutation/query
Hasura->>Hasura: Check role permissions
Hasura->>Conduit: POST to handler URL
Conduit->>Conduit: Execute business logic
Conduit-->>Hasura: JSON response
Hasura-->>Client: GraphQL responseAll actions include a nhost-webhook-secret header for authentication between Hasura and dx-conduit.
Authentication & Identity (8 actions)¶
Actions for user authentication, identity resolution, and session management.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
verifyCaptcha | Mutation | anonymous, public, dataSubject, user | 30s | Verify Google reCAPTCHA token server-side before signup |
checkEmailVerificationStatus | Query | anonymous, public | 30s | Check if a user exists and whether their email is verified |
checkUserExistsByEmail | Mutation | dataSubject, user | 60s | Check if an invited user has an existing account |
processUserIdentity | Mutation | anonymous, user, dataSubject | 60s | Unified identity association with data controllers; creates/retrieves user_identities and data_subject |
issueIdentityCookie | Mutation | anonymous, user, dataSubject | 30s | Issue a signed JWS identity cookie for cross-session identity resolution |
createRedirectToken | Mutation | anonymous, user | -- | Insert temporary redirect token for Transparency Center widget auth redirect |
acceptPendingInvite | Mutation | user, dataSubject | 30s | Accept pending invites by email after user sign-in |
sendContactFormEmail | Mutation | anonymous, public | 30s | Send a contact form submission email via Customer.io |
verifyCaptcha¶
Verifies a Google reCAPTCHA token server-side before allowing signup.
Handler: /hasura/actions/auth/verify-captcha
mutation VerifyCaptcha($input: VerifyCaptchaInput!) {
verifyCaptcha(input: $input) {
success
message
}
}
Input/Output Types
processUserIdentity¶
Unified action for processing user identity associations with data controllers. Replaces client-side identity management logic in dx-dashboard and dx-transparency-center. Creates or retrieves a user_identities record and the associated data_subject.
Handler: /hasura/actions/users/identity/process
mutation ProcessUserIdentity($input: ProcessUserIdentityInput!) {
processUserIdentity(input: $input) {
status
message
data {
userIdentityId
dataSubjectId
dataControllerId
isNewIdentity
identityCookie
}
}
}
Input/Output Types
issueIdentityCookie¶
Issues a signed JWS identity cookie for cross-session identity resolution. Creates or retrieves a data_subject via the PPL system and returns a tamper-proof cookie. Cookie is stored as dxtra:identity:v2:{dataControllerId} for privacy-preserving identity matching.
Handler: /hasura/actions/users/identity/issue-cookie
mutation IssueIdentityCookie($input: IssueIdentityCookieInput!) {
issueIdentityCookie(input: $input) {
status
message
data {
dataSubjectId
identityCookie
}
}
}
Input/Output Types
checkEmailVerificationStatus¶
Check if a user exists and whether their email is verified. Used during sign-in to determine if the user needs email verification.
Handler: /hasura/actions/auth/check-email-verification-status
query CheckEmailVerificationStatus($input: CheckEmailVerificationStatusInput!) {
checkEmailVerificationStatus(input: $input) {
exists
emailVerified
}
}
Input/Output Types
createRedirectToken¶
Insert a temporary redirect token for Transparency Center widget auth redirect.
Handler: /hasura/actions/data-subjects/transparency-redirect/transparency-center-redirect
mutation CreateRedirectToken($input: CreateRedirectTokenInput!) {
createRedirectToken(input: $input) {
status
message
token
}
}
Input/Output Types
sendContactFormEmail¶
Sends a contact form submission email to the support team via Customer.io.
Handler: /hasura/actions/public/contact-form/send-contact-form-email
mutation SendContactFormEmail($input: SendContactFormEmailInput!) {
sendContactFormEmail(input: $input) {
status
message
}
}
Input/Output Types
Payments & Stripe (5 actions)¶
Actions for Stripe payment processing, subscriptions, and billing management.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
createCheckoutSession | Mutation | dataSubject, user | -- | Create a Stripe checkout session |
fetchStripeProducts | Query | dataSubject, user | -- | Fetch Stripe products and prices |
getCustomerSubscription | Query | user | -- | Fetch data controller Stripe subscription details |
createBillingPortal | Mutation | user | -- | Create customer invoice portal URL |
cancelStripeSubscription | Mutation | user | 60s | Cancel a Stripe subscription |
createCheckoutSession¶
Handler: /payments/create-checkout-session
mutation CreateCheckoutSession($createCheckoutSessionInput: CreateCheckoutSessionInput) {
createCheckoutSession(createCheckoutSessionInput: $createCheckoutSessionInput) {
sessionId
url
}
}
Input/Output Types
fetchStripeProducts¶
Handler: /payments/stripe-products
query FetchStripeProducts {
fetchStripeProducts {
products {
id
name
description
image
tax_code
features
prices {
id
amount
currency
interval
}
}
}
}
getCustomerSubscription¶
Handler: /payments/customer-subscriptions
query GetCustomerSubscription($input: GetCustomerSubscriptionInput) {
getCustomerSubscription(input: $input) {
customer { id email name metadata }
subscriptions {
id status start_date current_period_end cancel_at_period_end canceled_at
items { id price_id product_id amount currency plan_name }
}
paymentMethods { id brand last4 exp_month exp_year is_default }
invoices { id date amount_due currency status payment_method hosted_invoice_url }
}
}
cancelStripeSubscription¶
Handler: /payments/cancel-subscription
mutation CancelStripeSubscription($input: CancelStripeSubscriptionInput!) {
cancelStripeSubscription(input: $input) {
success
subscriptionId
current_period_end
}
}
Input/Output Types
Google Analytics & Ads (9 actions)¶
Actions for Google Analytics event tracking, Google Ads conversion API, script generation and verification, and OAuth connection management.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
ProcessGoogleEvent | Mutation | anonymous, user, dataSubject | -- | Process events from Google Ads/Analytics into data processing activities |
generateGoogleScript | Mutation | anonymous, user, dataSubject | 60s | Generate Google Ads/Analytics scripts for client-side injection |
VerifyGoogleScript | Mutation | anonymous, user, dataSubject | -- | Verify signature of a Google script before execution |
sendGoogleEventTracking | Mutation | anonymous, user, dataSubject | -- | Send event tracking data via Google API |
SendGoogleAdsEventTracking | Mutation | anonymous, user, dataSubject | -- | Send event tracking data to Google Ads Conversion API |
googleAdsOAuthAuthorize | Mutation | user | 30s | Generate Google Ads OAuth authorization URL |
googleAdsOAuthCallback | Mutation | user | 60s | Handle Google Ads OAuth callback and store credentials |
googleAdsConnectionStatus | Query | user | -- | Check Google Ads OAuth connection status |
sendMetaEventTracking | Mutation | anonymous, user, dataSubject | -- | (Listed with Meta but shares EventTrackingInput type) |
ProcessGoogleEvent¶
Processes events from Google Ads and Analytics into data processing activities, privacy-preserving links, and data subjects.
Handler: /integrations/google/event
mutation ProcessGoogleEvent($input: ProcessGoogleEventInput!) {
ProcessGoogleEvent(input: $input) {
message
status
errors
data { id }
}
}
Input/Output Types
generateGoogleScript¶
Generates Google Ads/Analytics scripts for client-side injection, including consent mode configuration.
Handler: /integrations/google/generate
mutation GenerateGoogleScript($input: GenerateGoogleScriptInput!) {
generateGoogleScript(input: $input) {
status
message
errors
data {
dataControllerId
scripts { head inline }
signed
}
}
}
Input/Output Types
input GenerateGoogleScriptInput {
event: String!
dataControllerId: String!
payload: GoogleScriptPayload!
origin: String!
}
input GoogleScriptPayload {
eventName: String!
consent: ConsentModeInput
}
input ConsentModeInput {
analytics_storage: String!
ad_storage: String!
ad_user_data: String!
ad_personalization: String!
}
SendGoogleAdsEventTracking¶
Sends event tracking data to Google Ads Conversion API with support for enhanced conversions.
Handler: /integrations/google-ads/event-tracking
mutation SendGoogleAdsEventTracking($eventTrackingInput: GoogleAdsEventTrackingInput!) {
SendGoogleAdsEventTracking(eventTrackingInput: $eventTrackingInput) {
status
message
googleStatus
googleResponse
}
}
Input/Output Types
input GoogleAdsEventTrackingInput {
dataControllerId: String!
dxUserId: String
email: String
event: String!
payload: GoogleAdsEventTrackingPayload!
}
input GoogleAdsEventTrackingPayload {
name: String!
source: String!
dataSubjectId: String!
data: jsonb
consentMode: ConsentModeInput
user: EventTrackingUser
client: EventTrackingClient
}
googleAdsOAuthAuthorize¶
Generates a Google Ads OAuth authorization URL for server-side Conversion API setup.
Handler: /integrations/google-ads/oauth/authorize
mutation GoogleAdsOAuthAuthorize($input: GoogleAdsOAuthAuthorizeInput!) {
googleAdsOAuthAuthorize(input: $input) {
status
message
authUrl
}
}
googleAdsOAuthCallback¶
Handles Google Ads OAuth callback and stores credentials.
Handler: /integrations/google-ads/oauth/callback
mutation GoogleAdsOAuthCallback($input: GoogleAdsOAuthCallbackInput!) {
googleAdsOAuthCallback(input: $input) {
status
message
dataControllerId
customerIds
}
}
Input/Output Types
googleAdsConnectionStatus¶
Handler: /integrations/google-ads/oauth/status (GET)
query GoogleAdsConnectionStatus($input: GoogleAdsConnectionStatusInput!) {
googleAdsConnectionStatus(input: $input) {
status
message
data {
connected
connectedAt
customerIds
primaryCustomerId
}
}
}
Meta / Facebook (3 actions)¶
Actions for Meta Pixel script generation, verification, and event tracking.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
generateMetaScript | Mutation | anonymous, user, dataSubject | 60s | Generate Meta Pixel scripts for client-side injection |
verifyMetaScript | Mutation | anonymous, user, dataSubject | -- | Verify signature of a Meta Pixel script before execution |
sendMetaEventTracking | Mutation | anonymous, user, dataSubject | -- | Send event tracking data via Meta Conversions API |
generateMetaScript¶
Handler: /integrations/meta/generate
mutation GenerateMetaScript($input: GenerateMetaScriptInput!) {
generateMetaScript(input: $input) {
status
message
errors
data {
dataControllerId
scripts { head inline }
signed
}
}
}
Input/Output Types
sendMetaEventTracking¶
Handler: /integrations/meta/event-tracking
mutation SendMetaEventTracking($eventTrackingInput: EventTrackingInput) {
sendMetaEventTracking(eventTrackingInput: $eventTrackingInput) {
status
message
}
}
Shared EventTrackingInput Type
input EventTrackingInput {
event: String!
payload: EventTrackingPayloadInput!
dataControllerId: String!
dxUserId: String
}
input EventTrackingPayloadInput {
name: String!
source: String!
dataSubjectId: String
dxUserId: String
user: EventTrackingPayloadUserInput
client: EventTrackingPayloadClientInput!
data: JSON
consentMode: ConsentModeInput
}
Google Drive (2 actions)¶
Actions for Google Drive OAuth connection and file scanning integration.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
googleDriveAuthCallback | Mutation | user | 60s | Handle Google Drive OAuth callback |
googleDriveConnectionStatus | Query | user | -- | Check Google Drive connection status |
googleDriveConnectionStatus¶
Handler: /integrations/google-drive/status (GET)
query GoogleDriveConnectionStatus($input: GoogleDriveConnectionStatusInput!) {
googleDriveConnectionStatus(input: $input) {
status
message
data {
connected
connectedAt
accountEmail
lastScanAt
filesScannedCount
}
}
}
Data Subjects (5 actions)¶
Actions for managing data subject records, identity resolution, consent tracking, and event tracking.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
createDataSubject | Mutation | dataSubject, user | 60s | Create a data subject record on signup |
generateDataSubjectDID | Mutation | user | 210s | Generate a deterministic DID for a data subject |
getDataSubjectId | Mutation | anonymous, dataSubject, user | -- | Look up data subject ID by field hash matching |
upsertDataSubjectConsents | Mutation | user, anonymous, dataSubject | -- | Upsert consent form values from cookie data |
insertDataSubjectEventTracking | Mutation | user, anonymous, dataSubject | -- | Track data subject consent events to analytics platforms |
createDataSubject¶
Handler: /integrations/dxtra/event
mutation CreateDataSubject($input: CreateDataSubjectInput!) {
createDataSubject(input: $input) {
message
dataSubjectId
}
}
Input/Output Types
upsertDataSubjectConsents¶
Upserts data subject consent form values from cookie data to the database. Supports both single and multiple consent form IDs, purpose consents, and preference values.
Handler: /hasura/actions/data-subjects/consents/upsert
mutation UpsertDataSubjectConsents(
$dataControllerId: uuid!
$purposes: json!
$consentFormId: uuid
$consentFormIds: [uuid!]
$version: String
$timestamp: bigint
$submissionHash: String
$userContext: UpsertConsentsUserContext
$preferences: json
$dataSubjectId: uuid
$dxUserId: String
$userEmail: String
) {
upsertDataSubjectConsents(
dataControllerId: $dataControllerId
purposes: $purposes
consentFormId: $consentFormId
consentFormIds: $consentFormIds
version: $version
timestamp: $timestamp
submissionHash: $submissionHash
userContext: $userContext
preferences: $preferences
dataSubjectId: $dataSubjectId
dxUserId: $dxUserId
userEmail: $userEmail
) {
status
message
data {
dataSubjectId
upsertedCount
consentCookie
}
}
}
insertDataSubjectEventTracking¶
Tracks data subject consent events by sending them to configured analytics platforms (Google Analytics, Meta, etc.).
Handler: /hasura/actions/data-subjects/event-tracking/insert
mutation InsertDataSubjectEventTracking(
$dataSubjectId: uuid
$dataControllerId: uuid!
$consentFormId: uuid!
$consentStatus: String!
$eventData: json
$userEmail: String
$dxUserId: String
$purposeConsents: json
) {
insertDataSubjectEventTracking(
dataSubjectId: $dataSubjectId
dataControllerId: $dataControllerId
consentFormId: $consentFormId
consentStatus: $consentStatus
eventData: $eventData
userEmail: $userEmail
dxUserId: $dxUserId
purposeConsents: $purposeConsents
) {
status
message
data {
dataSubjectId
dataControllerId
}
}
}
getDataSubjectId¶
Look up a data subject ID by field hash matching (e.g., matching by email hash).
Handler: /hasura/actions/data-subjects/hash-matching/get-data-subject-id
mutation GetDataSubjectId($input: GetDataSubjectIdInput!) {
getDataSubjectId(input: $input) {
status
message
data { dataSubjectId }
}
}
Input/Output Types
generateDataSubjectDID¶
Generates a deterministic DID (Decentralized Identifier) for a data subject using SHA3-256 hash of the PostgreSQL UUID.
Handler: /hasura/actions/data-subjects/did/generate
mutation GenerateDataSubjectDID($generateDataSubjectDIDInput: GenerateDataSubjectDIDInput) {
generateDataSubjectDID(generateDataSubjectDIDInput: $generateDataSubjectDIDInput) {
status
message
data { dataSubjectId }
}
}
Data Controllers (5 actions)¶
Actions for managing data controller DIDs, profiles, consent processing, and compliance reporting.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
generateDataControllerDID | Mutation | user | 210s | Generate a deterministic DID for a data controller |
getDataControllerProfile | Mutation | user | 5000s | Generate a data controller profile for AI assistants |
createDataControllerProfileSnapshot | Mutation | dataSubject, user | -- | Insert a v0 data controller profile snapshot |
processDataControllerConsent | Mutation | user | 120s | Process internal consent events for a data controller |
reportDataControllersComplianceIssues | Query | user | -- | Report on data controller compliance issues |
generateDataControllerDID¶
Generates a deterministic DID for a data controller using SHA3-256 hash.
Handler: /hasura/actions/data-controllers/did/generate
mutation GenerateDataControllerDID($generateDataControllerDIDInput: GenerateDataControllerDIDInput) {
generateDataControllerDID(generateDataControllerDIDInput: $generateDataControllerDIDInput) {
status
message
data {
dataControllerId
did
}
}
}
processDataControllerConsent¶
Processes internal consent events for a data controller, including toggle states, purpose names, and timestamps.
Handler: /hasura/actions/data-controllers/consent/process
mutation ProcessDataControllerConsent(
$internalConsent: JSON!
$eventDetail: ConsentEventDetail!
$context: ConsentContext!
) {
processDataControllerConsent(
internalConsent: $internalConsent
eventDetail: $eventDetail
context: $context
) {
data
message
status
}
}
Input Types
reportDataControllersComplianceIssues¶
Handler: /hasura/actions/data-controllers/compliance-issues/report
query ReportDataControllersComplianceIssues(
$reportDataControllersComplianceIssuesInput: ReportDataControllersComplianceIssuesInput
) {
reportDataControllersComplianceIssues(
reportDataControllersComplianceIssuesInput: $reportDataControllersComplianceIssuesInput
) {
status
message
data {
rows {
id dataControllerId createdAt updatedAt
state description priority isDismissed
}
}
}
}
Privacy Notices (3 actions)¶
Actions for generating, sampling, and inserting AI-generated privacy notices.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
insertGeneratedNotices | Mutation | (admin only) | 500s | Insert AI-generated privacy notices (quickLook, overview, full) |
insertGeneratedPurposes | Mutation | (admin only) | 5000s | Insert generated purposes and mappings |
samplePrivacyNotices | Query | (admin only) | -- | Get a sample of a valid privacy notice |
Admin-Only Actions
These actions have no explicit role permissions, meaning they are only accessible via the admin secret (server-to-server). They are used internally by the AI document generation pipeline.
insertGeneratedNotices¶
Inserts AI-generated multi-layered privacy notices. Returns the IDs of all three inserted notice types.
Handler: /hasura/actions/data-controllers/v0-assistants/privacy-notices/insert-v0
mutation InsertGeneratedNotices(
$dataControllerId: uuid!
$versionNumber: Int!
$notices: InsertPrivacyNoticesInput!
) {
insertGeneratedNotices(
dataControllerId: $dataControllerId
versionNumber: $versionNumber
notices: $notices
) {
status
message
inserted {
quickLook
overview
full
}
}
}
Input Types
input InsertPrivacyNoticesInput {
quickLook: PrivacyNoticeContent!
overview: PrivacyNoticeContent!
full: PrivacyNoticeContent!
}
input PrivacyNoticeContent {
mainTitle: String!
introduction: String!
sections: [PrivacyNoticeSection!]!
}
input PrivacyNoticeSection {
sectionTitle: String!
cards: [PrivacyNoticeCard!]!
}
input PrivacyNoticeCard {
title: String!
details: String!
}
samplePrivacyNotices¶
Returns a sample of a valid privacy notice. The privacyNoticeType parameter accepts quickLook, overview, or full.
Handler: /hasura/actions/privacy-notices/sample
query SamplePrivacyNotices($samplePrivacyNoticesInput: SamplePrivacyNoticesInput) {
samplePrivacyNotices(samplePrivacyNoticesInput: $samplePrivacyNoticesInput) {
status
message
data { textList }
}
}
FAQ (1 action)¶
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
answerFAQ | Mutation | dataSubject, user | 60s | AI-powered FAQ answering for data controllers |
answerFAQ¶
Answers a frequently asked question using AI, scoped to a specific data controller's context.
Handler: /hasura/actions/data-controllers/faqs/answer
mutation AnswerFAQ($answerFAQInput: AnswerFAQInput) {
answerFAQ(answerFAQInput: $answerFAQInput) {
status
message
data {
id
textList
}
}
}
Input Types
AI Health (3 actions)¶
Ping endpoints to verify connectivity to external AI services.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
anthropicPing | Mutation | user | 60s | Check Anthropic API connectivity |
openaiPing | Mutation | user | 60s | Check OpenAI API connectivity |
linearPing | Mutation | user | 60s | Check Linear API connectivity |
anthropicPing¶
Handler: /hasura/actions/data-controllers/ai/anthropic-ping
All three ping actions return the same structure: { status, message, data { ok } }.
Email & Notifications (4 actions)¶
Actions for sending emails, managing invites, and inserting notifications.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
sendInviteEmail | Mutation | user | 60s | Send team invitation email |
acceptPendingInvite | Mutation | user, dataSubject | 30s | Accept pending invites by email after sign-in |
sendContactFormEmail | Mutation | anonymous, public | 30s | Send contact form submission via Customer.io |
insertNotificationMessageAction | Mutation | user | 1000s | Insert a notification message for a specific owner |
sendInviteEmail¶
Handler: /hasura/actions/data-controllers/email/send-invite-email
mutation SendInviteEmail($input: SendInviteEmailInput!) {
sendInviteEmail(input: $input) {
status
message
}
}
Input Types
insertNotificationMessageAction¶
Insert a notification message for a specific owner (data controller or data subject).
Handler: /notifications/insert-notification
mutation InsertNotificationMessageAction(
$ownerId: uuid!
$ownerType: String!
$title: String!
$message: String!
$severity: String
$isRead: Boolean
$expireAt: timestamptz
) {
insertNotificationMessageAction(
ownerId: $ownerId
ownerType: $ownerType
title: $title
message: $message
severity: $severity
isRead: $isRead
expireAt: $expireAt
) {
status
message
}
}
Tag Manager (2 actions)¶
Actions for Tag Manager authentication and reporting.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
loginUserTagManager | Mutation | user | 1000s | Log in to Tag Manager account |
reportTagManagerApplicationStats | Query | user | -- | Report Tag Manager application statistics |
loginUserTagManager¶
Handler: /hasura/actions/tag-manager/user/login
mutation LoginUserTagManager($loginUserTagManagerInput: LoginUserTagManagerInput) {
loginUserTagManager(loginUserTagManagerInput: $loginUserTagManagerInput) {
status
message
data {
userId
redirect
}
}
}
reportTagManagerApplicationStats¶
Returns detailed analytics stats for Tag Manager applications including events, pages, sessions, devices, browsers, UTM parameters, and more.
Handler: /hasura/actions/tag-manager/applications/stats
query ReportTagManagerApplicationStats(
$reportTagManagerApplicationStatsInput: ReportTagManagerApplicationStatsInput
) {
reportTagManagerApplicationStats(
reportTagManagerApplicationStatsInput: $reportTagManagerApplicationStatsInput
) {
status
message
data {
orgId
apps {
appId appName events pages entryPages exitPages
averageSessionDuration bounceRatio countries regions cities
referrers referrerTlds utmSources utmMediums utmCampaigns
devices browsers browserVersions screenSizes operatingSystems
eventGroups errors
}
}
}
}
Input Types
Reporting (3 actions)¶
Actions for generating compliance and analytics reports.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
reportDataSubjectsRightsRequests | Query | (admin only) | -- | Report on data subject rights requests |
reportDataSubjectsStats | Query | (admin only) | -- | Report on data subject statistics |
reportThirdPartyServices | Query | user | -- | Report on third-party services |
reportDataSubjectsRightsRequests¶
Handler: /hasura/actions/data-subjects/rights-requests/report
query ReportDataSubjectsRightsRequests(
$reportDataSubjectsRightsRequestsInput: ReportDataSubjectsRightsRequestsInput
) {
reportDataSubjectsRightsRequests(
reportDataSubjectsRightsRequestsInput: $reportDataSubjectsRightsRequestsInput
) {
status
message
data {
rows {
id dataSubjectId createdAt requestType description
}
}
}
}
reportThirdPartyServices¶
Handler: /hasura/actions/third-party-services/report
query ReportThirdPartyServices($reportThirdPartyServicesInput: ReportThirdPartyServicesInput) {
reportThirdPartyServices(reportThirdPartyServicesInput: $reportThirdPartyServicesInput) {
status
message
data {
rows { name description model }
}
}
}
Domain Verification (1 action)¶
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
triggerDomainVerificationRecheck | Mutation | user | 60s | Manually trigger domain DNS verification |
triggerDomainVerificationRecheck¶
Manually triggers a DNS verification check for all pending domain verifications. This action invokes the same handler as the verify_domain_records cron trigger.
Handler: /hasura/cron_triggers/domain_verifications
mutation TriggerDomainVerificationRecheck {
triggerDomainVerificationRecheck {
ok
processed
}
}
Translation (1 action)¶
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
translateText | Mutation | user | 120s | Translate text using DeepL API |
translateText¶
Translates text using the DeepL API. Used for document translation workflows.
Handler: /hasura/actions/translate/translate-deepl
mutation TranslateText($input: TranslateTextInput!) {
translateText(input: $input) {
translatedText
}
}
Input Types
Processor Onboarding (2 actions)¶
Actions for data processor OAuth and onboarding configuration.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
dataProcessorOAuthById | Mutation | anonymous, user | -- | Configure data processor integration by controller ID |
dataProcessorOnboarding | Mutation | user | -- | Configure data processor integration by DID |
dataProcessorOAuthById¶
Dynamic handler URL based on the processor name. Routes to /integrations/{dataProcessor}/set-up.
Handler: /integrations/{dataProcessor}/set-up?dataControllerId={id}
mutation DataProcessorOAuthById(
$value: String!
$dataControllerId: String!
$dataProcessor: String!
$nonce: String
) {
dataProcessorOAuthById(
value: $value
dataControllerId: $dataControllerId
dataProcessor: $dataProcessor
nonce: $nonce
) {
id message url dataProcessorId
}
}
dataProcessorOnboarding¶
Handler: /integrations/{dataProcessor}/set-up?did={did}&dxKey={dxKey}
mutation DataProcessorOnboarding(
$value: String!
$did: String!
$dxKey: String!
$dataProcessor: String!
) {
dataProcessorOnboarding(
value: $value
did: $did
dxKey: $dxKey
dataProcessor: $dataProcessor
) {
id message url dataProcessorId
}
}
Reassessment & Reprocessing (2 actions)¶
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
triggerManualReassessment | Mutation | user | 120s | Manually trigger a compliance reassessment |
reprocessControllerUsers | Mutation | user | 60s | Reprocess all controller users for identity resolution |
triggerManualReassessment¶
Queues a manual compliance reassessment for a data controller.
Handler: /hasura/actions/data-controllers/ai/trigger-manual-reassessment
mutation TriggerManualReassessment($dataControllerId: uuid!) {
triggerManualReassessment(dataControllerId: $dataControllerId) {
inserted
}
}
reprocessControllerUsers¶
Reprocesses all users for a data controller, running identity resolution and data subject creation for each.
Handler: /integrations/dxtra/controller-users/reprocess
mutation ReprocessControllerUsers($dataControllerId: uuid!) {
reprocessControllerUsers(dataControllerId: $dataControllerId) {
message
processed
total
results {
userId email dataSubjectId
}
errors
}
}
QuickBooks (1 action)¶
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
quickbooksAuthCallback | Mutation | user | 60s | Handle QuickBooks OAuth callback |
quickbooksAuthCallback¶
Handler: /integrations/quickbooks/confirmation/set-up
mutation QuickbooksAuthCallback($input: QuickbooksAuthCallbackInput!) {
quickbooksAuthCallback(input: $input) {
message
dataControllerId
}
}
Input Types
NetSuite (2 actions)¶
Actions for configuring NetSuite integration via webhook or polling.
| Action | Type | Roles | Timeout | Description |
|---|---|---|---|---|
netsuiteWebhookSetup | Mutation | user | 60s | Configure NetSuite webhook with HMAC secret validation |
netsuitePollingSetup | Mutation | user | 60s | Configure NetSuite OAuth 1.0a polling for customer data sync |
netsuiteWebhookSetup¶
Handler: /api/v1/integrations/netsuite/webhook/set-up
mutation NetsuiteWebhookSetup($input: NetsuiteWebhookSetupInput!) {
netsuiteWebhookSetup(input: $input) {
status
message
integrationType
}
}
Input Types
netsuitePollingSetup¶
Handler: /api/v1/integrations/netsuite/polling/set-up
mutation NetsuitePollingSetup($input: NetsuitePollingSetupInput!) {
netsuitePollingSetup(input: $input) {
status
message
integrationType
scheduledEventId
}
}
Input Types
Shared Types¶
ActionStatus Enum¶
Used as the status field in many action responses.
Common Response Pattern¶
Most actions follow this standard response pattern:
type ActionResponse {
status: ActionStatus! # or String!
message: String!
data: <ActionSpecificData>
}
Permissions Reference¶
| Role | Description | Typical Access |
|---|---|---|
anonymous | Unauthenticated users | Captcha, identity resolution, consent tracking, event tracking |
public | Public-facing endpoints | Captcha verification, email verification, contact form |
dataSubject | Authenticated data subjects | Consent operations, FAQ, checkout, identity |
user | Authenticated dashboard users | Full access to management actions |
| (admin) | Server-to-server only | Privacy notice generation, reporting |