GDPR API

As required by the GDPR, this portal application can be used by Crobox clients’ webshop visitors to view all data that has been collected by Crobox.

Portal Application

Normally, the portal must be accessed through a pop-up window or iframe so it can use the browsers postMessage() functionality to instruct the Crobox Javascript snippet to change the (first-party) cookie settings on the client’s website. Support for this is available on client’s request and will be implemented inside the Crobox JS snippet.

For debugging purposes it’s possible to access the portal application manually from:

https://cdn.crobox.io/gdpr/pdp/index.html

The portal can be controlled through various query parameters:

Parameter

Description

containerId

6 character snippet identifier of the customers website.

visitorId

UUID (36 character) value of the visitor on the customers website. Normally stored as (first-party) _crbx cookie.

shouldNotTrack

The current state of the visitor tracking state. Normally stored as (first-party) crobox_opt_out cookie.

The portal allows a visitor to do the following actions:

  • Enable / disable (opt-out / opt-in) tracking of it’s data

  • Removal of all data previously collected by Crobox

  • Download of all data previously collected by Crobox

Additionally, there are possibilities to control those actions directly through the Crobox JS Snippet. Support for this is available in collaboration with the client.

REST API

The REST API is used by the GDPR portal application but can also be used directly to query for data or request data deletion.

get
Visitor data overview request

https://api.crobox.com/personal-data/:container_id/visitors/:visitor_id
Returns a global overview of all sessions that are collected by Crobox.
Request
Response
Request
Path Parameters
container_id
required
string
6 character snippet identifier of the customer
visitor_id
required
string
UUID (36 character) value of the visitor
Response
200: OK
Example response
{ visitorId: "...UUID...",
containerId: "......",
sessions: [{
sessionId: "...UUID...",
timestamp: "2018-08-01T00:00:00Z"
},
...
],
...
}

get
Visitor data session request

https://api.crobox.com/personal-data/:container_id/visitors/:visitor_id/:session_id
Returns detailed information about a single session that is collected by Crobox.
Request
Response
Request
Path Parameters
container_id
optional
string
6 character snippet identifier of the customer
visitor_id
optional
string
UUID (36 character) value of the visitor
session_id
optional
string
UUID (36 character) value of the session
Response
200: OK
{ browser: "Chrome",
region: {
country: "NL",
...
},
pageViews: [{
timestamp: "2018-08-01T00:00:00Z",
pageTitle: "...String...",
pageUrl: "http://..."
}...
],
...
}

get
Visitor data export request

https://api.crobox.com/personal-data/:container_id/visitors/:visitor_id/export
Returns a zip file with all data that is collected by Crobox for the visitor.
Request
Response
Request
Path Parameters
container_id
required
string
6 character snippet identifier of the customer
visitor_id
required
string
UUID (36 character) value of the visitor
Response
200: OK

delete
Visitor data delete request

https://api.crobox.com/personal-data/:container_id/visitors/:visitor_id
Deletes all information about a visitor inside the Crobox platform.
Request
Response
Request
Path Parameters
container_id
required
string
6 character snippet identifier of the customer
visitor_id
required
string
UUID (36 character) value of the visitor
Response
202: Accepted