API Overview

The GDPR Data Management app provides various integration points and API access methods to enable automation and integration with external systems.

Integration Capabilities

Business Central Web Services

The app tables and pages can be exposed as web services using Business Central's standard web service functionality:

Available Objects for Web Service Exposure

  • Tables: All GDPR tables can be exposed for read/write access
  • Pages: GDPR pages can be exposed for UI automation
  • Codeunits: Selected codeunits can be exposed for function calls

Web Service Types

  • SOAP Services: Traditional XML-based web services
  • OData Services: RESTful services for modern integration
  • API Pages: BC v14+ API pages for standardized REST access

Codeunit Integration

DD GDPR Documentation Mgt (Codeunit 11195990)

Purpose: Data initialization and documentation management

Key Functions:

procedure Initialize() 
// Initializes GDPR data structure and permission sets

procedure InsertElement(Type: Enum; ParentNo: Integer; Level: Integer; Description: Text)
// Creates new documentation elements programmatically

QTEAM Data Cleaner (Codeunit 11195993)

Purpose: Data cleaning operations

Key Functions:

procedure ClearTableFields(TableNo: Integer; FieldList: List of [Integer]; Filters: Text): Boolean
// Cleans specified fields in a table with given filters

procedure GetMessageAfterFieldCleaning(): Text
// Returns status message after cleaning operations

procedure StartCleaningSession(SessionName: Text; Description: Text): Integer
// Starts a new cleaning session and returns session ID

QteamFilterSelector (Codeunit 11195992)

Purpose: Advanced filtering and record selection

Key Functions:

procedure BuildFilter(TableNo: Integer; Criteria: Text): Text
// Builds filter strings for data selection

procedure ValidateFilter(TableNo: Integer; FilterText: Text): Boolean
// Validates filter syntax and table compatibility

REST API Integration

OData Endpoints

Reading GDPR Configuration

GET /api/v2.0/{tenant}/companies({companyId})/gdprSetup
GET /api/v2.0/{tenant}/companies({companyId})/gdprDocumentationElements
GET /api/v2.0/{tenant}/companies({companyId})/gdprDataCategories

Accessing Cleaning Logs

GET /api/v2.0/{tenant}/companies({companyId})/cleanerSessionLogs
GET /api/v2.0/{tenant}/companies({companyId})/cleanerLogEntries

Custom API Endpoints

GDPR Configuration API

GET /api/qtgdpr/v1.0/companies({companyId})/configuration
POST /api/qtgdpr/v1.0/companies({companyId})/configuration
PATCH /api/qtgdpr/v1.0/companies({companyId})/configuration({configId})

Data Classification API

GET /api/qtgdpr/v1.0/companies({companyId})/elements
POST /api/qtgdpr/v1.0/companies({companyId})/elements
PATCH /api/qtgdpr/v1.0/companies({companyId})/elements({elementId})
DELETE /api/qtgdpr/v1.0/companies({companyId})/elements({elementId})

Data Cleaning API

POST /api/qtgdpr/v1.0/companies({companyId})/cleaning/sessions
GET /api/qtgdpr/v1.0/companies({companyId})/cleaning/sessions({sessionId})
POST /api/qtgdpr/v1.0/companies({companyId})/cleaning/execute
GET /api/qtgdpr/v1.0/companies({companyId})/cleaning/status({sessionId})

Authentication and Authorization

Business Central Authentication

All API access requires proper Business Central authentication:

OAuth 2.0 (Recommended)

Authorization: Bearer {access_token}

Basic Authentication (Legacy)

Authorization: Basic {base64(username:password)}

Permission Requirements

For Read Operations

  • Permission Set: GDPR-USER or higher
  • Table Permissions: Read access to relevant GDPR tables
  • Web Service Access: User must be enabled for web service access

For Write Operations

  • Permission Set: GDPR-ADMIN
  • Table Permissions: Read/Insert/Modify/Delete as needed
  • Codeunit Permissions: Execute permission on GDPR codeunits

Integration Examples

PowerShell Integration

Reading GDPR Configuration

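# Set up authentication
# $accessToken must already hold an OAuth 2.0 bearer token obtained outside this script
$companyId = "<company-id>"  # placeholder: ID of the target company
$baseUrl = "https://api.businesscentral.dynamics.com/v2.0/tenant/environment/companies($companyId)"
$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type" = "application/json"
}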

# Get GDPR setup
$setupUrl = "$baseUrl/gdprSetup"
$setup = Invoke-RestMethod -Uri $setupUrl -Method GET -Headers $headers

# Get documentation elements
$elementsUrl = "$baseUrl/gdprDocumentationElements"
$elements = Invoke-RestMethod -Uri $elementsUrl -Method GET -Headers $headers

Triggering Data Cleaning

# Start cleaning session (reuses $baseUrl and $headers from the previous example)
$sessionData = @{
    name = "API Cleanup Session"
    description = "Automated cleanup via API"
    priority = "Normal"
} | ConvertTo-Json

$sessionUrl = "$baseUrl/api/qtgdpr/v1.0/cleaning/sessions"
$session = Invoke-RestMethod -Uri $sessionUrl -Method POST -Body $sessionData -Headers $headers

# Execute cleaning
$cleaningData = @{
    sessionId = $session.id
    tableNumber = 18
    fieldNumbers = @(2, 5, 102)  # Name, Address, E-Mail
    filters = "Last Date Modified<01/01/2020"
} | ConvertTo-Json

$executeUrl = "$baseUrl/api/qtgdpr/v1.0/cleaning/execute"
$result = Invoke-RestMethod -Uri $executeUrl -Method POST -Body $cleaningData -Headers $headers

C# Integration

GDPR Client Class

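using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

// ReadAsAsync<T> comes from the Microsoft.AspNet.WebApi.Client package.
// GDPRSetup, CleaningSession and CleaningRequest are DTOs the caller defines.
public class GDPRClient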
{
    private readonly HttpClient _httpClient;
    private readonly string _baseUrl;

    public GDPRClient(HttpClient httpClient, string baseUrl, string accessToken)
    {
        _httpClient = httpClient;
        _baseUrl = baseUrl;
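        // The token is set on the client itself, so every request sent through it
        // carries the bearer token; pass in a client dedicated to this API.
        _httpClient.DefaultRequestHeaders.Authorization =
            new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);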
    }

    public async Task<GDPRSetup> GetSetupAsync(string companyId)
    {
        var response = await _httpClient.GetAsync($"{_baseUrl}/companies({companyId})/gdprSetup");
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsAsync<GDPRSetup>();
    }

    public async Task<CleaningSession> StartCleaningSessionAsync(string companyId, CleaningRequest request)
    {
        var json = JsonConvert.SerializeObject(request);
        var content = new StringContent(json, Encoding.UTF8, "application/json");
        
        var response = await _httpClient.PostAsync(
            $"{_baseUrl}/companies({companyId})/api/qtgdpr/v1.0/cleaning/sessions", 
            content);
        response.EnsureSuccessStatusCode();
        
        return await response.Content.ReadAsAsync<CleaningSession>();
    }
}

Python Integration

GDPR API Client

import requests
from datetime import datetime, timezone

class GDPRAPIClient:
    def __init__(self, base_url, access_token, timeout=30):
        self.base_url = base_url.rstrip('/')
        # requests has no default timeout; without one a stalled call blocks forever
        self.timeout = timeout
        self.headers = {
            'Authorization': f'Bearer {access_token}',
            'Content-Type': 'application/json'
        }

    def get_documentation_elements(self, company_id):
        """Read the GDPR documentation elements of one company."""
        url = f"{self.base_url}/companies({company_id})/gdprDocumentationElements"
        response = requests.get(url, headers=self.headers, timeout=self.timeout)
        response.raise_for_status()
        return response.json()

    def start_cleaning_session(self, company_id, session_name, description):
        """Create a cleaning session and return its JSON representation."""
        url = f"{self.base_url}/companies({company_id})/api/qtgdpr/v1.0/cleaning/sessions"
        data = {
            'name': session_name,
            'description': description,
            # Timezone-aware UTC timestamp with a trailing 'Z'
            'createdDateTime': datetime.now(timezone.utc).isoformat().replace('+00:00', 'Z')
        }
        response = requests.post(url, headers=self.headers, json=data, timeout=self.timeout)
        response.raise_for_status()
        return response.json()

    def execute_cleaning(self, company_id, session_id, table_no, field_list, filters=""):
        """Clear the listed fields of one table for the records matching the filter."""
        url = f"{self.base_url}/companies({company_id})/api/qtgdpr/v1.0/cleaning/execute"
        data = {
            'sessionId': session_id,
            'tableNumber': table_no,
            'fieldNumbers': field_list,
            'filters': filters
        }
        response = requests.post(url, headers=self.headers, json=data, timeout=self.timeout)
        response.raise_for_status()
        return response.json()
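
A client-side guard for the destructive execute_cleaning call, as an added example that is not part of the app or of the client above: it limits requests to an approved table/field allow-list, refuses an empty filter, and builds an audit entry that carries neither the token nor the filter text. The allow-list contents, the function names, and the assumption that an empty filter matches every record are illustrative.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed allow-list: table 18, fields 2, 5, 102 (Name, Address, E-Mail),
# taken from the page's PowerShell sample. Extend it per integration.
ALLOWED_FIELDS = {18: {2, 5, 102}}


def build_cleaning_request(session_id, table_no, field_list, filters,
                           allow_unfiltered=False):
    """Validate a cleaning request client-side and return the JSON payload."""
    if type(table_no) is not int or table_no not in ALLOWED_FIELDS:
        raise ValueError(f"table {table_no!r} is not approved for cleaning")
    fields = list(field_list)
    if not fields or any(type(f) is not int for f in fields):
        raise ValueError("field_list must be a non-empty list of integers")
    extra = set(fields) - ALLOWED_FIELDS[table_no]
    if extra:
        raise ValueError(f"fields {sorted(extra)} not approved for table {table_no}")
    filters = (filters or "").strip()
    # Assumption: an empty filter would match every record in the table.
    if not filters and not allow_unfiltered:
        raise ValueError("empty filter refused (set allow_unfiltered=True to override)")
    if any(ord(c) < 32 for c in filters):
        raise ValueError("filter contains control characters")
    return {"sessionId": session_id, "tableNumber": table_no,
            "fieldNumbers": sorted(set(fields)), "filters": filters}


def audit_record(actor, payload, now=None):
    """Audit entry for one request: who, when and which scope.

    The filter text may itself contain personal data, so only a digest of the
    full payload is recorded; the bearer token is never part of the entry.
    """
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "actor": actor,
        "sessionId": payload["sessionId"],
        "tableNumber": payload["tableNumber"],
        "fieldNumbers": payload["fieldNumbers"],
        "payloadSha256": hashlib.sha256(canonical.encode("utf-8")).hexdigest(),
    }
```

Build the payload with build_cleaning_request, write the audit_record, and only then pass the validated values to execute_cleaning.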

Webhook Integration

Event Notifications

The app can trigger webhooks for key events (requires custom development):

Available Events

  • Session Started: When a cleaning session begins
  • Session Completed: When a cleaning session finishes
  • Large Volume Operations: When cleaning operations exceed thresholds
  • Error Conditions: When critical errors occur

Webhook Payload Example

{
  "eventType": "SessionCompleted",
  "timestamp": "2026-03-21T14:30:00Z",
  "companyId": "12345678-1234-1234-1234-123456789012",
  "sessionId": "SES-2026-0321-001",
  "data": {
    "sessionName": "Customer Data Cleanup",
    "recordsProcessed": 1250,
    "fieldsCleared": 3750,
    "errorCount": 5,
    "duration": "00:45:23"
  }
}

Error Handling

API Error Responses

All API endpoints return standard HTTP status codes and error details:

Standard Error Format

{
  "error": {
    "code": "GDPR_PERMISSION_DENIED",
    "message": "User does not have permission to perform this operation",
    "details": [
      {
        "code": "MISSING_PERMISSION",
        "message": "GDPR-ADMIN permission set required",
        "target": "User Permission Sets"
      }
    ]
  }
}

Common Error Codes

  • GDPR_PERMISSION_DENIED: Insufficient permissions
  • GDPR_INVALID_FILTER: Invalid filter expression
  • GDPR_SESSION_NOT_FOUND: Session ID not found
  • GDPR_TABLE_LOCKED: Target table locked by another process
  • GDPR_VALIDATION_ERROR: Data validation failed
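
The standard error format and the retry and backoff guidance on this page, combined in an added example (not part of the app or its documentation): it parses the error body, decides whether a failure is worth retrying, and waits with jittered exponential backoff. Treating GDPR_TABLE_LOCKED and HTTP 429/503 as the only transient failures is an assumption, as are the function names and the `send` callable.

```python
import json
import random
import time

# Assumption (not stated on the page): a locked table is transient and worth
# retrying; every other GDPR_* code is treated as permanent.
RETRYABLE_CODES = {"GDPR_TABLE_LOCKED"}
RETRYABLE_STATUS = {429, 503}


def parse_error(body):
    """Return (code, message, details) from the standard error format."""
    try:
        err = json.loads(body)["error"]
        details = [f"{d.get('code')}: {d.get('message')} ({d.get('target')})"
                   for d in err.get("details", [])]
        return err.get("code", "UNKNOWN"), err.get("message", ""), details
    except (ValueError, KeyError, TypeError, AttributeError):
        return "UNPARSEABLE", str(body)[:200], []   # e.g. an HTML gateway page


def is_retryable(status, code):
    return status in RETRYABLE_STATUS or code in RETRYABLE_CODES


def backoff_delay(attempt, retry_after=None, base=1.0, cap=60.0):
    """Seconds to wait before the next try; `attempt` counts from 0."""
    try:
        return max(0.0, min(float(retry_after), cap))   # server hint wins
    except (TypeError, ValueError):                     # absent or an HTTP-date
        return random.uniform(0, min(cap, base * 2 ** attempt))  # full jitter


def call_with_retry(send, max_attempts=4, sleep=time.sleep):
    """send() -> (status, headers, body); returns body or raises RuntimeError."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if 200 <= status < 300:
            return body
        code, message, details = parse_error(body)
        if not is_retryable(status, code) or attempt == max_attempts - 1:
            raise RuntimeError(f"{status} {code}: {message} {details}")
        sleep(backoff_delay(attempt, headers.get("Retry-After")))
```

Because `send` is invoked again on each retry, wrap only requests that are safe to repeat.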

Best Practices

API Usage Guidelines

Authentication

  • Use OAuth 2.0: Preferred authentication method
  • Token Management: Implement proper token refresh logic
  • Secure Storage: Store credentials securely (never in code)

Error Handling

  • Check Status Codes: Always verify HTTP status codes
  • Implement Retry Logic: Handle temporary failures gracefully
  • Log Errors: Maintain logs for troubleshooting
  • Fallback Mechanisms: Plan for API unavailability

Performance

  • Batch Operations: Group multiple operations where possible
  • Rate Limiting: Respect API rate limits and implement backoff
  • Caching: Cache configuration data to reduce API calls
  • Async Processing: Use asynchronous operations for large datasets

Security Considerations

Data Protection

  • Encrypt Data: Use HTTPS for all API communications
  • Minimize Exposure: Only expose necessary data via APIs
  • Access Logging: Log all API access for audit purposes
  • Regular Reviews: Periodically review API access and permissions

Compliance

  • Audit Trails: Maintain comprehensive audit logs
  • Data Minimization: Only access data necessary for specific purposes
  • Retention Policies: Apply appropriate data retention to API logs
  • Cross-Border: Consider data residency requirements

Next Steps

For more integration information:

  1. Codeunit Integration: Detailed codeunit usage
  2. Custom Extensions: Building custom extensions
  3. Troubleshooting: API troubleshooting guide