Privacy API

The Privacy API provides endpoints for managing privacy requests and consents in Joomla, in compliance with GDPR legislation.

Base URL

/api/index.php/v1/privacy

Endpoints Overview

Privacy Requests

Method	Endpoint	Description
GET	`/privacy/requests`	Retrieve all privacy requests
GET	`/privacy/requests/{id}`	Retrieve specific request
POST	`/privacy/requests`	Create new privacy request

Privacy Consents

Method	Endpoint	Description
GET	`/privacy/consents`	Retrieve all consents
GET	`/privacy/consents/{id}`	Retrieve specific consent
DELETE	`/privacy/consents/{id}`	Delete consent

Privacy Requests

Retrieve all privacy requests

GET /api/index.php/v1/privacy/requests

Response

{
    "data": [
        {
            "type": "privacy-requests",
            "id": "1",
            "attributes": {
                "email": "user@example.com",
                "requested_at": "2024-01-15 10:30:00",
                "status": 1,
                "request_type": "export",
                "confirm_token": "abc123...",
                "confirm_token_created_at": "2024-01-15 10:30:00"
            }
        }
    ]
}

Retrieve specific request

GET /api/index.php/v1/privacy/requests/{id}

Example

curl -X GET "https://yoursite.com/api/index.php/v1/privacy/requests/1" \
  -H "X-Joomla-Token: YOUR_API_TOKEN"

Create privacy request

POST /api/index.php/v1/privacy/requests

Request Body

{
    "email": "user@example.com",
    "request_type": "export"
}

Required fields

Field	Type	Description
email	string	User email address
request_type	string	Request type

Request Types

Type	Description
export	Data export request
remove	Data removal request

Example

curl -X POST "https://yoursite.com/api/index.php/v1/privacy/requests" \
  -H "X-Joomla-Token: YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "request_type": "export"
  }'

Privacy Request Status

Value	Status
-1	Invalid
0	Pending
1	Confirmed
2	Completed

Data Export

After creating an export request, the user must confirm it via an email link. Then the data can be exported:

GET /api/index.php/v1/privacy/requests/{id}/export

Example

curl -X GET "https://yoursite.com/api/index.php/v1/privacy/requests/1/export" \
  -H "X-Joomla-Token: YOUR_API_TOKEN"

The response contains all collected user data in JSON format.

Privacy Consents

Consents are consent statements that users have given for privacy policies.

Retrieve all consents

GET /api/index.php/v1/privacy/consents

Response

{
    "data": [
        {
            "type": "privacy-consents",
            "id": "1",
            "attributes": {
                "user_id": 42,
                "state": 1,
                "created": "2024-01-15 10:30:00",
                "subject": "PLG_SYSTEM_PRIVACYCONSENT_SUBJECT",
                "body": "Privacy policy text...",
                "remind": 0
            }
        }
    ]
}

DELETE /api/index.php/v1/privacy/consents/{id}

Note

Deleting a consent record is permanent. This is usually only necessary for data removal requests.

Example

curl -X DELETE "https://yoursite.com/api/index.php/v1/privacy/consents/1" \
  -H "X-Joomla-Token: YOUR_API_TOKEN"

1. Export request

2. Removal request

Filtering

By status

GET /api/index.php/v1/privacy/requests?filter[status]=1

By type

GET /api/index.php/v1/privacy/requests?filter[request_type]=export

By email

GET /api/index.php/v1/privacy/requests?filter[email]=user@example.com

Privacy Plugins

Joomla collects data via privacy plugins. Default plugins:

Plugin	Data collected
Privacy - Contacts	Contact form data
Privacy - Content	User's articles
Privacy - User	User account data
Privacy - Action Logs	Action logs
Privacy - Consents	Consent records

Example: Automatic export

<?php
/**
 * Automatically process privacy export request
 */
function processPrivacyExport($requestId) {
    $url = "https://yoursite.com/api/index.php/v1/privacy/requests/{$requestId}";
    $token = 'YOUR_API_TOKEN';

    // Check status
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'X-Joomla-Token: ' . $token
    ]);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    $response = json_decode(curl_exec($ch), true);
    curl_close($ch);

    // If confirmed, retrieve export
    if ($response['data']['attributes']['status'] == 1) {
        $exportUrl = $url . '/export';
        // ... retrieve export
    }

    return $response;
}
?>

Privacy compliance

Make sure to process privacy requests within the legal timeframe (usually 30 days). Use the API to automate this process.

Base URL​

Endpoints Overview​

Privacy Requests​

Privacy Consents​

Privacy Requests​

Retrieve all privacy requests​

Response​

Retrieve specific request​

Example​

Create privacy request​

Request Body​

Required fields​

Request Types​

Example​

Privacy Request Status​

Data Export​

Example​

Privacy Consents​

Retrieve all consents​

Response​

Delete consent​

Example​

GDPR Workflow​

1. Export request​

2. Removal request​

Filtering​

By status​

By type​

By email​

Privacy Plugins​

Example: Automatic export​

Base URL

Endpoints Overview

Privacy Requests

Privacy Consents

Privacy Requests

Retrieve all privacy requests

Response

Retrieve specific request

Example

Create privacy request

Request Body

Required fields

Request Types

Example

Privacy Request Status

Data Export

Example

Privacy Consents

Retrieve all consents

Response

Delete consent

Example

GDPR Workflow

1. Export request

2. Removal request

Filtering

By status

By type

By email

Privacy Plugins

Example: Automatic export