REST Endpoints¶
Dxtra exposes 17 REST endpoints via Hasura's RESTified Endpoints feature. These provide a traditional REST interface to pre-defined GraphQL queries and mutations, useful for integrations that cannot use GraphQL directly.
Base URL¶
All REST endpoints are available at:
For local development:
Authentication¶
REST endpoints use the same authentication as the GraphQL API:
All REST Endpoints¶
| Endpoint URL | Query Name | Methods | Purpose |
|---|---|---|---|
/api/rest/answerfaq | AnswerFAQ | GET, POST | AI-powered FAQ answering |
/api/rest/getDataControllerFaqs | GetDataControllerFAQs | GET, POST | Retrieve FAQ entries for a data controller |
/api/rest/getdatacontrollerdetails | GetDataControllerDetails | GET, POST | Retrieve data controller organization details |
/api/rest/getdatacontrollerpurposedataitems | GetDataControllerPurposeDataItems | GET, POST | Get data items mapped to purposes |
/api/rest/getdatacontrollerpurposes | GetDataControllerPurposes | GET, POST | List all purposes for a data controller |
/api/rest/getdatacontrollerpurposetemplatelinks | GetDataControllerPurposeTemplateLinks | GET, POST | Get purpose-to-template linkages |
/api/rest/getdatacontrollerusers | GetDataControllerUsers | GET, POST | List team members for a data controller |
/api/rest/getdataprocessingactivityfields | GetDataProcessingActivityFields | GET, POST | Get fields for data processing activities |
/api/rest/getdatasubjectdatamapping | GetDataSubjectDataMapping | GET, POST | Retrieve data mapping for a data subject |
/api/rest/getdatasubjectscountbycontroller | GetDataSubjectsCountByController | GET, POST | Count data subjects per controller |
/api/rest/getdatasubjectsrightsrequests | GetDataSubjectsRightsRequests | GET, POST | List rights requests for a data subject |
/api/rest/getnotificationmessagesbydatasubject | GetNotificationMessagesByDataSubject | GET, POST | Get notifications for a data subject |
/api/rest/getprivacynotices | GetPrivacyNotices | GET, POST | Retrieve privacy notices |
/api/rest/getpurposebusinesstemplates | GetPurposeBusinessTemplates | GET, POST | List business purpose templates |
/api/rest/getpurposeoperationaltemplates | GetPurposeOperationalTemplates | GET, POST | List operational purpose templates |
/api/rest/insertdatasubjectsrightsrequest | InsertDataSubjectsRightsRequest | GET, POST, PUT | Submit a new data subject rights request |
/api/rest/updatenotificationisread | UpdateNotificationIsRead | GET, POST | Mark a notification as read |
Endpoint Details¶
Data Controller Endpoints¶
Get Data Controller Details¶
Query: GetDataControllerDetails
Returns the full organization profile for a data controller, including name, address, DPO contact information, industry, and compliance configuration.
Get Data Controller Users¶
Query: GetDataControllerUsers
Lists all team members associated with a data controller organization, including their roles and status.
Get Data Controller FAQs¶
Query: GetDataControllerFAQs
Retrieves the configured FAQ entries for a data controller, displayed in the Transparency Center.
Purpose & Consent Endpoints¶
Get Data Controller Purposes¶
Query: GetDataControllerPurposes
Returns all configured data processing purposes for a data controller, including the legal basis, description, and consent requirements.
Get Data Controller Purpose Data Items¶
GET /api/rest/getdatacontrollerpurposedataitems
POST /api/rest/getdatacontrollerpurposedataitems
Query: GetDataControllerPurposeDataItems
Returns the specific data items (e.g., email, name, IP address) associated with each purpose.
Get Data Controller Purpose Template Links¶
GET /api/rest/getdatacontrollerpurposetemplatelinks
POST /api/rest/getdatacontrollerpurposetemplatelinks
Query: GetDataControllerPurposeTemplateLinks
Returns the mappings between purposes and their source templates (business or operational).
Get Purpose Business Templates¶
Query: GetPurposeBusinessTemplates
Lists the available business purpose templates (e.g., "Marketing Communications", "Service Delivery").
Get Purpose Operational Templates¶
Query: GetPurposeOperationalTemplates
Lists the available operational purpose templates (e.g., "Security Monitoring", "System Administration").
Data Subject Endpoints¶
Get Data Subject Data Mapping¶
Query: GetDataSubjectDataMapping
Returns the data mapping for a data subject, showing what personal data is held, which purposes it serves, and which processors have access.
Get Data Subjects Count By Controller¶
GET /api/rest/getdatasubjectscountbycontroller
POST /api/rest/getdatasubjectscountbycontroller
Query: GetDataSubjectsCountByController
Returns the count of data subjects registered under a specific data controller. Used for subscription limit checking and analytics.
Get Data Subjects Rights Requests¶
Query: GetDataSubjectsRightsRequests
Lists all rights requests (DSARs) submitted by or for a data subject, including request type, status, and timestamps.
Insert Data Subjects Rights Request¶
GET /api/rest/insertdatasubjectsrightsrequest
POST /api/rest/insertdatasubjectsrightsrequest
PUT /api/rest/insertdatasubjectsrightsrequest
Query: InsertDataSubjectsRightsRequest
Submits a new Data Subject Rights Request (DSAR). This is one of the few endpoints that also supports the PUT method. Triggers the DSAR processing workflow via the data_subject_rights_requests_insert event trigger.
Privacy Notice Endpoints¶
Get Privacy Notices¶
Query: GetPrivacyNotices
Retrieves the published privacy notices for a data controller, available in three detail levels: quickLook, overview, and full.
Processing Activity Endpoints¶
Get Data Processing Activity Fields¶
GET /api/rest/getdataprocessingactivityfields
POST /api/rest/getdataprocessingactivityfields
Query: GetDataProcessingActivityFields
Returns the field definitions for data processing activity records (Article 30 record fields).
Notification Endpoints¶
Get Notification Messages By Data Subject¶
GET /api/rest/getnotificationmessagesbydatasubject
POST /api/rest/getnotificationmessagesbydatasubject
Query: GetNotificationMessagesByDataSubject
Retrieves all notification messages for a specific data subject, including compliance alerts, DSAR status updates, and consent change confirmations.
Update Notification Is Read¶
Query: UpdateNotificationIsRead
Marks a specific notification as read. Used by the Transparency Center and dashboard notification panels.
FAQ Endpoints¶
Answer FAQ¶
Query: AnswerFAQ
AI-powered FAQ answering endpoint. Takes a question and returns an AI-generated answer scoped to the data controller's privacy configuration. This is the REST equivalent of the answerFAQ Hasura action.
Usage Notes¶
GET vs POST¶
All endpoints accept both GET and POST. Use GET for simple queries where parameters can be passed as query strings. Use POST when passing complex input objects or when the parameter data is too large for URL encoding.
GET example:
curl -H "Authorization: Bearer $TOKEN" \
"https://hasura.local.dxtra.io/api/rest/getdatasubjectscountbycontroller?dataControllerId=<uuid>"
POST example:
curl -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"dataControllerId": "<uuid>"}' \
"https://hasura.local.dxtra.io/api/rest/getdatacontrollerdetails"
Underlying Queries¶
Each REST endpoint maps to a named query in the allowed-queries collection. The query name is listed in the table above. These are the same queries available via the GraphQL API -- the REST endpoints provide an alternative access method.
Rate Limiting¶
REST endpoints share the same rate limits as the GraphQL API. See Rate Limits for details.