ErasureDocs
API Reference

Rights API

Public OTP intake and operator cases, systems, maps, evidence.

Rights API

Source: app_docs/api.md, app_docs/guide/rights.md, app_docs/guide/api.md.

Terminology: engineering Case = product Rights request. HTTP connectors = product Systems.


Public intake (OTP)

Auth: none (public). Abuse controls: IP + email rate limits, OTP attempt caps, hashed OTP at rest.
Base: /api/rights/v1/orgs/:orgSlug
Flow: initiate OTP → verify OTP → then create VERIFIED DELETE Case. No case before verify.

Does not use legacy /api/portal/*.

MethodPathPurpose
GET/api/rights/v1/orgs/:orgSlugPublic org card { organization: { name, slug } }
POST/api/rights/v1/orgs/:orgSlug/intakeBody { email, label? }. Issues OTP. 200 { success, expiresInMinutes, demoOtp? }
POST/api/rights/v1/orgs/:orgSlug/verifyBody { email, otp }. 201 { success, case: { id, type, status, verificationStatus, openedAt } }

demoOtp: returned only when NODE_ENV !== 'production' or RIGHTS_INTAKE_DEMO_OTP=true. Production must send email (Resend / RESEND_API_KEY in product security model). Never return OTP in production JSON as a normal path.

CodeWhen
200 / 201Success
400Validation / invalid OTP
404Unknown org slug
429Rate limited / too many OTP attempts

After verify, operators see the case on platform Rights APIs (status OPEN, verification VERIFIED).


Operator cases

Auth: session Bearer + org membership.
Base: /api/platform/orgs/:orgId/rights/cases
Type: DELETE only. Start enqueues Job rights.delete (worker + connectors).

Non-members receive 404 for the org (no enumeration). Cases in another org return 404.

Case JSON shape (public)

{
  "case": {
    "id": "…",
    "organizationId": "…",
    "projectId": null,
    "type": "DELETE",
    "status": "OPEN",
    "verificationStatus": "UNVERIFIED",
    "subject": { "email": "a@b.co", "externalId": null, "label": null },
    "openedAt": "…",
    "completedAt": null,
    "cancelledAt": null,
    "failedAt": null,
    "createdAt": "…",
    "updatedAt": "…",
    "events": [
      {
        "id": "…",
        "type": "case.created",
        "payload": {},
        "actorType": "operator",
        "actorId": "…",
        "createdAt": "…"
      }
    ]
  }
}

List responses omit events. Detail + mutation responses include events.

Case routes

MethodPathNotes
POST…/casesCreate. Body: { subject: { email?, externalId?, label? }, projectId?, type?: "DELETE" }. Email and/or externalId required. 201 { case }
GET…/casesList. Query: status, take (1–100, default 50). 200 { cases }

Lifecycle actions documented for the operator API group: start, cancel, complete, fail, verify (see platform Rights routes under /api/platform/orgs/:orgId/rights/…).

Start requires:

  1. Verification VERIFIED
  2. Start readiness — enabled Systems; each SQL system has ≥1 DELETE entity with identifiers

Operator UI (same session)

RouteSurface
#/rightsOperations board
#/rights/connectorSystems + Data Maps
#/rights/:caseIdCase detail
#/rights/:caseId/evidenceDeletion evidence

Systems (connectors) + Data Maps

Base: /api/platform/orgs/:orgId/rights/connectors

MethodPathNotes
GET/connectors{ connectors, availableTypes } + health + dataMap summary
POST/connectorsUpsert by type + connection config + optional secrets
GET / PATCH / DELETE/connectors/:idDetail · enable · delete
POST/connectors/:id/testHealth check
POST/connectors/:id/rotateNew secrets; webhook may return revealedSecrets once
GET/connectors/:id/data-mapData map + subject field catalog
POST/connectors/:id/data-map/entitiesAdd entity (table + identifiers + deletion action)
PATCH / DELETE/connectors/:id/data-map/entities/:entityIdUpdate / remove entity
POST/connectors/:id/previewSQL dry-run match counts (no delete)
*/connectors/postgresLegacy alias for POSTGRES

Secrets never return on GET lists (only hasSecrets / display hints). Rotate requires Owner capability.


Evidence (Rights)

MethodPathNotes
GET/api/platform/orgs/:orgId/rights/cases/:caseId/evidenceDeletion evidence package JSON
GETsame ?format=json|csv|report&download=1Export download

Readiness / graph / preview

Operator Rights routes also expose readiness, graph, and execution-preview under the org Rights base (see guide/api Rights operator group).


Handle a deletion request · Systems · Evidence