Last updated: 2026-04-06
DX API Overview
Dxtra's primary GraphQL API for privacy compliance management, data processing automation, and regulatory compliance.
Getting Started
Quick Links: First API Request | Authentication Guide | GraphQL Reference
API Information
| Property | Value |
|---|---|
| Base URL | https://api.dxtra.ai/v1/graphql |
| Protocol | GraphQL over HTTPS |
| Authentication | JWT Bearer Tokens (setup guide) |
| Rate Limits | Webhook endpoints: 1000 req/15 min. GraphQL API is not rate limited. See Rate Limits |
| Response Format | Standard GraphQL: {data: {...}} or {errors: [...]} |
| Schema Introspection | Enabled |
Production Endpoints
- Authentication: https://auth.dxtra.ai -- JWT token exchange and user management
- GraphQL API: https://api.dxtra.ai -- Primary privacy compliance operations
Core API Capabilities
Data Discovery and Mapping
Track and manage personal data across your business systems:
- Data Subject Management -- Customer privacy profile creation and lifecycle tracking
- Processing Activity Logging -- Audit trail of all data operations
- Third-Party Data Sharing -- Monitor data shared with processors and partners
- Cross-Platform Linking -- Privacy-preserving identity resolution
Key operations: dataSubjects | dataProcessingActivities | thirdPartyServices
Consent Management
Automate consent collection and preference management:
- Consent Collection -- Capture and validate customer consent preferences
- Preference Synchronization -- Sync consent across integrated platforms
- Legal Basis Tracking -- Document legal justification for data processing
- Consent History -- Complete audit trail of consent changes
Key operations: consents | consentPreferences
Data Subject Rights Automation
Handle privacy rights requests with compliance validation:
- Rights Request Processing -- GDPR Articles 15-21 automation
- Data Export Generation -- Automated data portability responses (Article 20)
- Erasure Processing -- Right to be forgotten implementation (Article 17)
- Response Time Tracking -- Monitor compliance with 30-day response requirements
Key operations: dataSubjectsRightsRequests
Compliance Monitoring
Real-time compliance monitoring with reporting:
- Privacy Risk Assessment -- Automated privacy impact assessments
- Compliance Reporting -- Generate regulatory reports and audit documentation
- Data Flow Analysis -- Track data movement across systems and jurisdictions
Real-Time Capabilities
Live privacy data updates via GraphQL subscriptions:

```graphql
subscription StreamDataProcessingActivities(
  $dataControllerId: uuid!
) {
  dataProcessingActivities(
    where: {
      dataSubject: {dataControllerId: {_eq: $dataControllerId}}
    }
    order_by: {triggeredAt: desc}
  ) {
    id
    typeId
    sourceId
    triggeredAt
    dataSubject {
      id
      did
    }
    type {
      label
    }
  }
}
```

Use cases:
- Live compliance dashboard monitoring
- Instant notification of rights requests
- Cross-platform consent preference updates
- Real-time data processing activity streams
Advanced Query Capabilities

```graphql
query GetActiveDataControllers(
  $dateRange: timestamptz!,
  $status: String!
) {
  dataControllers(
    where: {
      _and: [
        { status: { _eq: $status } },
        { createdAt: { _gte: $dateRange } }
      ]
    }
    order_by: { updatedAt: desc }
    limit: 50
  ) {
    id
    title
    did
    status
    createdAt
    updatedAt
    dataSubjectsAggregate {
      aggregate {
        count
      }
    }
  }
}
```

```graphql
query GetCompletePrivacyProfile($dataSubjectId: uuid!) {
  dataSubjects_by_pk(id: $dataSubjectId) {
    id
    did
    createdAt
    dataProcessingActivities(
      order_by: { triggeredAt: desc }
      limit: 100
    ) {
      id
      typeId
      sourceId
      triggeredAt
      type {
        label
      }
      source {
        label
      }
    }
    dataSubjectsRightsRequests {
      id
      requestType
      status
      createdAt
      verified
    }
    dataController {
      id
      title
      did
    }
  }
}
```

```graphql
query GetComplianceMetrics($dataControllerId: uuid!) {
  rightsRequestStats: dataSubjectsRightsRequestsAggregate(
    where: {
      dataSubject: { dataControllerId: { _eq: $dataControllerId } }
    }
  ) {
    aggregate {
      count
    }
  }
  processingActivityStats: dataProcessingActivitiesAggregate(
    where: {
      dataSubject: { dataControllerId: { _eq: $dataControllerId } }
    }
  ) {
    aggregate {
      count
    }
  }
}
```

Core Privacy Operations
Data Subject Management

```graphql
# Query data subjects
query GetDataSubjects($dataControllerId: uuid!) {
  dataSubjects(
    where: { dataControllerId: { _eq: $dataControllerId } }
  ) {
    id
    did
    createdAt
    dataController {
      id
      title
    }
  }
}
```

Processing Activity Logging

```graphql
# Real-time processing activity stream
subscription StreamDataProcessingActivities($dataControllerId: uuid!) {
  dataProcessingActivities(
    where: {
      dataSubject: { dataControllerId: { _eq: $dataControllerId } }
    }
    order_by: { triggeredAt: desc }
  ) {
    id
    typeId
    sourceId
    triggeredAt
    dataSubject {
      did
    }
  }
}
```

Rights Request Processing

```graphql
# Query rights requests
query GetRightsRequests($dataSubjectId: uuid!) {
  dataSubjectsRightsRequests(
    where: { dataSubjectId: { _eq: $dataSubjectId } }
    order_by: { createdAt: desc }
  ) {
    id
    requestType
    status
    createdAt
    verified
  }
}
```
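
An added example (not part of the Dxtra documentation) that takes rows shaped like the `GetRightsRequests` result above and buckets open requests against the 30-day response requirement mentioned under Data Subject Rights Automation. The closed-status strings, the five-day warning window and the sample rows are assumptions constructed for illustration; the page does not list the API's status values.

```python
from datetime import datetime, timedelta, timezone

RESPONSE_WINDOW = timedelta(days=30)  # the 30-day requirement named on this page
# Assumption: status strings meaning "already answered"; the page does not list them.
CLOSED_STATUSES = frozenset({"completed", "rejected"})


def parse_ts(value):
    """Parse a timestamptz string; a missing UTC offset is treated as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def triage(requests, now, warn_within=timedelta(days=5)):
    """Bucket open rights requests by time left before the response deadline."""
    buckets = {"overdue": [], "due_soon": [], "on_track": []}
    for req in requests:
        if req["status"].lower() in CLOSED_STATUSES:
            continue
        deadline = parse_ts(req["createdAt"]) + RESPONSE_WINDOW
        remaining = deadline - now
        if remaining <= timedelta(0):
            bucket = "overdue"
        elif remaining <= warn_within:
            bucket = "due_soon"
        else:
            bucket = "on_track"
        buckets[bucket].append({
            "id": req["id"], "requestType": req["requestType"],
            "verified": req["verified"], "deadline": deadline,
            "days_left": remaining.days,  # floored, so negative once overdue
        })
    for items in buckets.values():
        items.sort(key=lambda e: e["deadline"])  # most urgent first
    return buckets


# Constructed rows shaped like the GetRightsRequests response; values are made up.
SAMPLE = [
    {"id": "r1", "requestType": "erasure", "status": "pending",
     "createdAt": "2026-03-01T09:00:00+00:00", "verified": True},
    {"id": "r2", "requestType": "access", "status": "in_progress",
     "createdAt": "2026-03-10T08:30:00Z", "verified": True},
    {"id": "r3", "requestType": "portability", "status": "pending",
     "createdAt": "2026-04-01T00:00:00+00:00", "verified": False},
    {"id": "r4", "requestType": "access", "status": "completed",
     "createdAt": "2026-02-01T00:00:00+00:00", "verified": True},
]
NOW = datetime(2026, 4, 6, 12, 0, tzinfo=timezone.utc)
```

Calling `triage(SAMPLE, NOW)` places `r1` in `overdue`, `r2` in `due_soon` and `r3` in `on_track`, and skips the completed `r4`.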
Security
| Feature | Details |
|---|---|
| JWT Authentication | Industry-standard tokens with 15-minute expiration |
| Role-Based Access | Granular permissions: anonymous, dataSubject, user |
| Request Validation | Input sanitization and type checking |
| Audit Logging | Complete request/response audit trail |
| HTTPS Enforcement | TLS encryption for all communications |
| Rate Limiting | 1000 req/15 min on webhook endpoints |
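
Because tokens expire after 15 minutes, a long-running client (a subscription consumer, a batch export) cannot build its `Authorization` header once at start-up. The following added example, which is not Dxtra's own code, caches a token and fetches a new one shortly before `exp`. `fetch_token` is a hypothetical callable standing in for the token exchange at the authentication endpoint; the 60-second skew and the unsigned sample tokens are constructed assumptions.

```python
import base64
import json
import time

LIFETIME = 15 * 60  # token lifetime from the Security table, in seconds
SKEW = 60           # assumption: refresh one minute before expiry


def jwt_expiry(token):
    """Return the `exp` claim. Decodes only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return int(json.loads(base64.urlsafe_b64decode(body))["exp"])


class TokenCache:
    """Hands out a bearer token, fetching a new one shortly before `exp`."""
    def __init__(self, fetch_token, clock=time.time, skew=SKEW):
        self._fetch, self._clock, self._skew = fetch_token, clock, skew
        self._token, self._exp = None, 0

    def token(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            self._token = self._fetch()  # hypothetical token-exchange call
            self._exp = jwt_expiry(self._token)
        return self._token

    def headers(self, role="user"):
        return {"Authorization": f"Bearer {self.token()}", "X-Hasura-Role": role}


def constructed_token(exp):
    """Build an unsigned, constructed token for the simulation below."""
    body = base64.urlsafe_b64encode(json.dumps({"exp": exp}).encode())
    return f"e30.{body.rstrip(b'=').decode()}.constructed"


def simulate(minutes=20):  # one header request per minute; returns fetch times (s)
    now, fetched = [0], []
    def fake_exchange():
        fetched.append(now[0])
        return constructed_token(now[0] + LIFETIME)
    cache = TokenCache(fake_exchange, clock=lambda: now[0])
    for minute in range(minutes + 1):
        now[0] = minute * 60
        cache.headers()
    return fetched
```

Over a simulated 20 minutes, `simulate()` performs two exchanges, at 0 s and at 840 s, so no request is sent with a token inside its last minute of validity.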
Regulatory Compliance
- Article 6: Legal basis tracking and validation
- Articles 12-14: Privacy notice generation and management
- Article 15: Automated data subject access requests
- Article 16: Data rectification processing
- Article 17: Right to erasure automation
- Article 18: Data processing restriction
- Article 20: Data portability export generation
- Article 21: Objection processing and opt-out management
- Right to Know: Comprehensive data disclosure automation
- Right to Delete: Consumer data deletion processing
- Right to Opt-Out: Sale and sharing restriction management
- Right to Non-Discrimination: Fair treatment validation
- Sensitive Personal Information: Enhanced protection controls
Client Integration

```typescript
import { GraphQLClient, gql } from 'graphql-request';

// JWT obtained from the authentication service; read it from the environment
// rather than hard-coding it.
const jwtToken = process.env.DXTRA_JWT_TOKEN;
if (!jwtToken) throw new Error('DXTRA_JWT_TOKEN is not set');

const client = new GraphQLClient('https://api.dxtra.ai/v1/graphql', {
  headers: {
    'Authorization': `Bearer ${jwtToken}`,
    'X-Hasura-Role': 'user',
  },
});

const GET_DATA_CONTROLLERS = gql`
  query GetDataControllers {
    dataControllers {
      id
      title
      did
      createdAt
    }
  }
`;

// Top-level await requires an ES module context.
const data = await client.request(GET_DATA_CONTROLLERS);
```

```python
from gql import gql, Client
from gql.transport.requests import RequestsHTTPTransport
import os

transport = RequestsHTTPTransport(
    url='https://api.dxtra.ai/v1/graphql',
    headers={
        # Token is read from the environment, not embedded in source.
        'Authorization': f'Bearer {os.getenv("DXTRA_JWT_TOKEN")}',
        'X-Hasura-Role': 'user',
    },
    use_json=True,
)

# fetch_schema_from_transport relies on schema introspection being enabled.
client = Client(transport=transport, fetch_schema_from_transport=True)

query = gql("""
    query GetDataSubjects($dataControllerId: uuid!) {
      dataSubjects(
        where: { dataControllerId: { _eq: $dataControllerId } }
      ) {
        id
        did
        createdAt
      }
    }
""")

result = client.execute(query, variable_values={
    'dataControllerId': 'your-controller-id'
})
```

```tsx
import { ApolloClient, InMemoryCache, ApolloProvider, createHttpLink, useQuery, gql } from '@apollo/client';
import { setContext } from '@apollo/client/link/context';

const httpLink = createHttpLink({ uri: 'https://api.dxtra.ai/v1/graphql' });

// getAccessToken() is supplied by your application and must return a current JWT.
const authLink = setContext(async (_, { headers }) => ({
  headers: {
    ...headers,
    authorization: `Bearer ${await getAccessToken()}`,
    'X-Hasura-Role': 'user',
  }
}));

const client = new ApolloClient({
  link: authLink.concat(httpLink),
  cache: new InMemoryCache()
});

function DataControllersList() {
  const { data, loading, error } = useQuery(gql`
    query GetDataControllers {
      dataControllers { id title did }
    }
  `);

  if (loading) return <div>Loading...</div>;
  if (error) return <div>Error: {error.message}</div>;

  return (
    <ul>
      {data.dataControllers.map((dc: any) => (
        <li key={dc.id}>{dc.title}</li>
      ))}
    </ul>
  );
}
```

Prerequisites
Before using the DX API in production:
- Active Dxtra account with API access enabled
- Data Controller configured with DID
- API key generated and securely stored
- GraphQL client installed (GraphiQL, Altair, or preferred tool)
Next Steps
- First API Request -- Get up and running with your first API call
- GraphQL Reference -- Complete schema documentation
- Webhooks -- Real-time event processing and integration setup
- Error Handling -- Comprehensive error handling
- Actions Reference -- All available GraphQL actions