You may need to have information about an Issue or end user redacted under the following circumstances:
- An end user has sent sensitive data in a message to an Agent unknowingly.
- An end user has attached or uploaded a file with sensitive data to an Issue.
- An end user has invoked Article 17 of the GDPR, “Right to Be Forgotten”.
The following types of information can be redacted via a redaction request:
- Username
- The content of messages sent by the Agent or end user
- CSAT feedback
- Attachments
- Custom Issue Fields
- Campaigns related data (user attributes)
- Titles and user identifiers in Helpshift Analytics
Please note the following regarding our Issue redaction processes:
- Archived Issues will be redacted along with Open and Closed Issues.
- After Issue or user data has been redacted, all redacted Issues will look like this in your Dashboard:
To see what an Issue will look like to an end user after redaction, see What will my end users see after an Issue has been redacted?
There are two ways to submit a redaction request, as detailed below. Option 1 is recommended, as it streamlines the process, is easier for a larger amount of redaction requests, and has a faster completion time. Option 2 should be used only for small one-off requests, and is scheduled to be deprecated in mid-2019.
1. Complete redaction requests using our REST APIs (recommended)
Helpshift provides a set of REST APIs that you can use to automatically create redaction requests to have personal support data removed per GDPR requirements. Redactions are processed on a weekly basis.
These redaction requests can be either ‘User’, ‘Message’, ‘Attachment’ or ‘Issue’ redactions, which indicates what type of content is to be redacted from our system (see the table below for details). Your organization will then use the REST /redaction API and provide a set of requests to Helpshift for processing. Once created, Helpshift will automatically schedule a periodic batch process that will perform the actual removal of that information. Your organization can periodically use the /redaction API to monitor the status of the current set of redaction requests.
To provide flexibility, user redactions can be identified via a variety of different methods, as defined in the table below.
Type | What is redacted? | How is the information identified? | Creating a redaction request |
---|---|---|---|
User | User redactions will redact a specific HS user object from Helpshift, along with all private data for the user, and all Issues associated with that user. | HS user objects can found under the /users endpoint, or through the ‘reporter’ property on a specific Issue. | User redactions are created by indicating that the ”redaction_type’ is ‘user’, then providing one of the following identities: |
Issue | Issue redactions will remove private data from a specific Issue, and also remove the association with any user object. However, the user object and any other associated Issues will remain in Helpshift. | This is identified via the Helpshift Issue ID. | Issue redactions are created by indicating that the ”redaction_type’ is ‘issue’, then providing the ID of the Issue. |
Message | Message redaction will remove the message contents of the given Message ID. | This is identified via the Helpshift Message ID. | Message redactions are created by indicating that the ‘redaction_type’ is ‘message’, then providing the ID of the Message. |
Attachment | Attachment redaction will delete all the attachments in a given message. | The attachments are identified via the Helpshift Message ID. | Attachment redactions are created by indicating that the ‘redaction_type’ is ‘attachment’, then providing the ID of the Message that contains the attachment/s. |
Once your organization has a set of users or a set of Issues identified for redaction, you can use the REST APIs to create and monitor these redaction requests. (See our developer documentation on getting started to learn more about how to use the REST API).
PART 1: Creating Redaction Requests (POST /redaction)
API: POST /redaction
The POST /redaction API can be used to submit a set of redaction requests. They can be given in the ‘requests’ parameter as an array of requests in JSON format, as follows:
requests: [ {
redaction_type (string) = [‘issue’, ‘user’],
property (string) = [’email’, ‘issue_id’, ‘hs_user_id’, ‘external_user_id’],
value (string),
app_publish_id (string),
external_redaction_id (string, optional) } ]
A maximum of 25 redaction requests is allowed per API call. The requests object contains the following properties:
Property | Type | Required? | Description |
---|---|---|---|
redaction_type | String | Yes | “user” or “issue” to indicate the type of redaction |
property | String | Yes | “user_id” OR “hs_user_id” OR “issue_id” OR “email” to indicate what identity will be provided |
value | String | Yes | The actual identity (User ID, HS User ID, Issue ID or Email) used to identify what to be redacted |
app_publish_id | String | Yes | The app that the redaction will take place for – this must match the app for the user or Issue |
external_redaction_id | String | No | An optional external tracking ID that can be set when creating the redaction request |
Example:
Sample CURL Request:
curl -u <api-key>: -H ‘Accept:application/json’ ‘https://api.helpshift.com/v1/<domain>/redactions’ –data-urlencode ‘requests=[{“redaction_type”: “issue”, “property”:”issue_id”,”value”:”6001″, “app_publish_id”: “99”,”external_redaction_id”:”KB-tracker”}]’
Response:
The following will be returned from the POST request:
Parameter | Type | Description |
---|---|---|
redaction_id | ID | A unique ID used to track the redaction request |
success | T/F | Indication if the creation of the redaction request was a success |
external_redaction_id | ID | The external ID given in the request for tracking |
eta | Date | The estimated date when the job may complete |
reason | String | If there is a failure to create a request, this is the reason why that request failed – user id / issue id is invalid / is already redacted / has existing redaction request / is part of existing user redaction request |
Example Response:
PART 2: Confirming Redaction Status
API: GET /redaction/status
The GET /redaction/status API will return a set of existing redaction requests along with the current status of each request.
Filters:
The GET /redaction/status API is used to identify specific redaction requests. At least one of the following filters is required.
Filter | Use |
---|---|
/redactions/status?external_redaction_id=value | Uses an external redaction ID to filter redaction requests |
/redactions/status?redaction_id=value | Find a specific redaction request based on redaction ID |
/redactions/status?issue_id=value | Find redaction request based on issue ID |
/redactions/status?email=value | Find redaction requests created for a specific email address |
/redactions/status?external_user_id=value | Find redaction requests created based on the external user ID |
/redactions/status?hs_user_id=value | Find redaction requests created based on the Helpshift user ID |
Additional Parameters:
- page(Optional)
- = Returns a specific page when handling large lists
Response:
The GET request will return a JSON response that includes the set of redaction request objects in the following format.
{
“redaction_id”: “string”,
“status”: “created”,
“eta”: “string”,
“reason”: “string”,
“request”: {
“redaction_type”: “issue”,
“property”: “email”,
“value”: “string”,
“app_publish_id”: “string”,
“external_redaction_id”: “string”
}
}
Request object details:
Properties | Type | Description |
---|---|---|
redaction_id | String | HS returned ID of the redaction request |
eta | String | expected date of redaction |
status | String | created: The export or remove job is started done: The export or remove job is complete not_found: There is no export or remove job with the given job id running: The export or remove job is in progress waiting: The export or remove job has not started |
reason | String | Reason for any failure to process a request |
request | Object | Original redaction request object passed in through POST |
Examples:
Using the GET /redactions/status?(filter) to list redactions
CURL:
curl -u <api-key>: ‘https://api.helpshift.com/v1/<domain>/redactions/status?external_redaction_id=KB-tracker&page=1
Example Response:
2. Manually submit CSVs to Helpshift Support
Please note: this option should be reserved for small, one-off redaction requests, and is scheduled to be deprecated in mid-2019.
To submit a manual request for Issue redaction to our support team, complete the following steps:
1. Create a CSV file and name it {YourDomain}_RedactionRequest_AdminName_DDMMYY (date, month, year).
2. Within that CSV file, copy-paste the following information about the Issue. All fields are mandatory.
- Column A: your domain name (exact match as it appears in your Dashboard URL)
- Column B: the app publish ID, which can be found on your Settings > App Settings page (per the screenshot below)
- Column C: the Issue ID number (you only need to enter one, numbers only)
- Column D: the end user’s email address (only required for user redaction requests; optional for Issue redaction requests)
- Column E: the type of redaction, either ‘I’ for an entire Issue or ‘U’ for an end user
- Please note: ‘U’ is meant for end users who are invoking their “Right to be Forgotten” per GDPR legislation.
We have provided our template spreadsheet you can use to format and submit your redaction requests. Please note that the header row is required in order for this request to be processed.
3. Once you’ve created this spreadsheet, notify the Admin of your team that you have a redaction request.
4. As the Admin, you should then review the redaction nominations and the CSV filename to ensure everything is correct. Once you’ve done so, send it to our support team at support@helpshift.com and attach the .CSV file with the file name as: {DOMAIN}_RedactionRequest_AdminName_DDMMYY.
Our support team will follow up with an email confirmation once the submitted file has been processed for redaction. We will process all redaction requests within 28 days from the time of submission.