Last updated: 2026-04-06

Reference

API Overview¶

Dxtra provides a GraphQL API for managing privacy compliance data and integrations.

Quick Start¶

BeginnerExperienced

New to APIs? Start here for step-by-step guidance.

Authentication Setup -- Get your API key (5 min)
First API Request -- Test basic connectivity (10 min)
Simple Examples -- Copy-paste code samples (15 min)

Know APIs? Jump to what you need.

GraphQL Schema -- Complete API reference
Authentication -- JWT token setup
Code Examples -- Production patterns
Error Handling -- Best practices

Core Features¶

GraphQL API -- Queries and mutations with role-based access control
REST endpoints -- Select GraphQL queries exposed as REST for simple HTTP access
Webhooks -- Receive data from third-party integrations (Shopify, Stripe, etc.)

Common Use Cases¶

Consent Management -- Track user consent form submissions and preferences
Data Subject Rights -- Process access, deletion, and portability requests
Compliance Monitoring -- Track privacy compliance status and generate reports
Third-party Integration -- Sync privacy data with external services via webhooks

GraphQL API¶

Access Dxtra's privacy data using GraphQL queries and mutations.

API Endpoint¶

Environment	GraphQL API
Production	`https://api.dxtra.ai/v1/graphql`

Schema Structure¶

Dxtra's GraphQL schema provides access to privacy compliance data:

Core Tables:

dataSubjects -- Individual privacy subjects
dataSubjectConsentFormValues -- Consent preferences and form submissions
dataSubjectsRightsRequests -- Data subject access, deletion, and portability requests
dataControllers -- Organizations managing privacy data
dataProcessingActivities -- Record of processing activities (ROPA)

Basic Query Example¶

GraphQL

query GetDataSubject($id: uuid!) {
  dataSubject(id: $id) {
    id
    did
    createdAt
    updatedAt
    dataController {
      id
      title
    }
  }
}

Variables:

JSON

{
  "id": "550e8400-e29b-41d4-a716-446655440000"
}

Basic Mutation Example¶

GraphQL

mutation UpdateConsentValue($id: uuid!, $value: String!) {
  updateDataSubjectConsentFormValue(
    pk_columns: { id: $id }
    _set: { value: $value }
  ) {
    id
    value
    updatedAt
    dataSubject {
      id
    }
  }
}

Variables:

JSON

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "value": "true"
}

Role-Based Access Control

Dxtra uses role-based access to control data access:

Role	Description
`anonymous`	Limited read access for public transparency widgets and consent tracking
`dataSubject`	User's own privacy data only
`user`	Full access to organization's privacy data

Specify the role using the X-Hasura-Role header in API requests.

Key Resources¶

Authentication -- Set up API access with JWT tokens
GraphQL Reference -- Complete schema documentation
Error Handling -- Handle API responses
Rate Limits -- API usage limits

REST Endpoints¶

Selected GraphQL queries are available as REST endpoints for simple HTTP access without GraphQL knowledge.

Available Endpoints¶

Dxtra exposes the following REST endpoints (all accept GET or POST):

Endpoint	Description
`GET /api/rest/answerfaq`	AI-powered FAQ responses
`GET /api/rest/getDataControllerFaqs`	List data controller FAQs
`GET /api/rest/getdatacontrollerdetails`	Data controller details
`GET /api/rest/getdatacontrollerpurposes`	Processing purposes
`GET /api/rest/getdatacontrollerpurposedataitems`	Purpose data items
`GET /api/rest/getdatacontrollerpurposetemplatelinks`	Purpose template links
`GET /api/rest/getdatacontrollerusers`	Data controller users
`GET /api/rest/getdataprocessingactivityfields`	Processing activity fields
`GET /api/rest/getdatasubjectdatamapping`	Data subject data mapping
`GET /api/rest/getdatasubjectscountbycontroller`	Data subject count
`GET /api/rest/getdatasubjectsrightsrequests`	Rights requests
`GET /api/rest/getnotificationmessagesbydatasubject`	Notifications by data subject
`GET /api/rest/getprivacynotices`	Privacy notices
`GET /api/rest/getpurposebusinesstemplates`	Business purpose templates
`GET /api/rest/getpurposeoperationaltemplates`	Operational purpose templates
`POST /api/rest/insertdatasubjectsrightsrequest`	Submit rights request
`PUT /api/rest/updatenotificationisread`	Mark notification as read

REST endpoints return the same data as their GraphQL equivalents but use URL parameters instead of GraphQL queries.

Example:

Bash

curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
     -H "X-Hasura-Role: user" \
     "https://api.dxtra.ai/api/rest/getdatacontrollerdetails"

Webhooks¶

Dxtra uses webhooks for third-party service integration. Configure webhook endpoints in external services (Shopify, Stripe, Mailchimp, etc.) to send data to Dxtra.

Integration Webhook URL Pattern¶

Text Only

https://conduit.dxtra.ai/api/v1/integrations/{service}/event?did={YOUR_DID}&dxKey={YOUR_DX_KEY}

Supported Integrations:

Shopify
Stripe
WooCommerce
Mailchimp
Customer.io
Eventbrite
Klaviyo
QuickBooks
Survey Monkey
HubSpot
Salesforce
Xero
NetSuite
Sabre / SynXis

See the Webhook Guide for configuration details and authentication requirements.

Event Notifications

Dxtra does not support outbound webhook notifications to external applications. Event triggers are used internally for platform automation only.

Code Examples¶

Sample implementations in popular programming languages.

Node.js Samples -- Express.js middleware and production patterns
Python Samples -- Requests and async GraphQL client examples

Basic Authentication Example¶

JavaScript

const jwt = await fetch('https://auth.dxtra.ai/v1/signin/pat', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ personalAccessToken: 'your-api-key' })
}).then(r => r.json()).then(data => data.session.accessToken);

Best Practices¶

Query Optimization¶

Use limits -- Always limit result sets to prevent large responses
Select specific fields -- Only request the data you need
Use pagination -- For large datasets, implement cursor-based pagination

Security¶

API Key Management -- Store API keys securely and rotate regularly
HTTPS Only -- Always use encrypted connections
Input Validation -- Validate all input parameters
Rate Limiting -- Respect API rate limits to avoid throttling

Support¶

Authentication Guide -- Set up API access
GraphQL Reference -- Complete schema documentation
Webhook Guide -- Set up third-party integrations
Code Examples -- Integration samples

For technical questions, email privacy@dxtra.ai.

Next Steps¶

Authentication -- Set up API access with JWT tokens and API keys
First Request -- Make your first API call with a complete walkthrough
Integrations -- Connect third-party services like Shopify and Stripe