| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| Apache Unomi provides an endpoint to manage visitor privacy. You will find in this section information about what it |
| includes as well as how to use it. |
| |
| ==== Setting up access to the privacy endpoint |
| |
| The privacy endpoint is a bit special, because despite being protected by basic authentication as the rest of the REST |
| API is is actually designed to be available to end-users. |
| |
| So in effect it should usually be proxied so that public internet users can access the endpoint but the proxy should |
| also check if the profile ID wasn't manipulated in some way. |
| |
| Apache Unomi doesn't provide (for the moment) such a proxy, but basically it should do the following: |
| |
| 1. check for potential attack activity (could be based on IDS policies or even rate detection), and at the minimum check |
| that the profile ID cookie seems authentic (for example by checking that it is often coming from the same IP or the same |
| geographic location) |
| 2. proxy to /cxs/privacy |
| |
| ==== Anonymizing a profile |
| |
| It is possible to anonymize a profile, meaning it will remove all "identifying" property values from the profile. |
| Basically all properties with the tag `personalIdentifierProperties` will be purged from the profile. |
| |
| Here's an example of a request to anonymize a profile: |
| |
| [source] |
| ---- |
| curl -X POST http://localhost:8181/cxs/profiles/{profileID}/anonymize?scope=ASCOPE |
| ---- |
| |
| where `{profileID}` must be replaced by the actual identifier of a profile |
| and `ASCOPE` must be replaced by a scope identifier. |
| |
| ==== Downloading profile data |
| |
| It is possible to download the profile data of a user. This will only download the profile for a user using the |
| specified ID as a cookie value. |
| |
| Warning: this operation can also be sensitive so it would be better to protected with a proxy that can perform some |
| validation on the requests to make sure no one is trying to download a profile using some kind of "guessing" of profile |
| IDs. |
| |
| [source] |
| ---- |
| curl -X GET http://localhost:8181/client/myprofile.[json,csv,yaml,text] \ |
| --cookie "context-profile-id=PROFILE-ID" |
| ---- |
| |
| where `PROFILE-ID` is the profile identifier for which to download the profile. |
| |
| ==== Deleting a profile |
| |
| It is possible to delete a profile, but this works a little differently than you might expect. In all cases the data |
| contained in the profile will be completely erased. If the `withData` optional flag is set to true, all past event and |
| session data will also be detached from the current profile and anonymized. |
| |
| [source] |
| ---- |
| curl -X DELETE http://localhost:8181/cxs/profiles/{profileID}?withData=false --user karaf:karaf |
| ---- |
| |
| where `{profileID}` must be replaced by the actual identifier of a profile |
| and the `withData` specifies whether the data associated with the profile must be anonymized or not |
| |
| ==== Related |
| |
| You might also be interested in the <<Consent API>> section that describe how to manage profile consents. |