🎉 OneTrust 6.29 Released!

We are excited to announce the following enhancements in the OneTrust Developer Portal as part of OneTrust 6.29.

👍

For more information about the release and our product updates in the OneTrust application, refer to the OneTrust Release Notes page. Learn more about environment maintenance on the Current and Historic Maintenance page, and subscribe to proactive environment notifications on our System Status and Scheduled Maintenance page.

❗️

API Keys created in the Integrations module prior to OneTrust 6.14 (known as Legacy API Keys) will reach end of support on January 31, 2022. Any customers leveraging these Legacy API Keys to authenticate OneTrust APIs or any integration workflows will be affected.

Customers should update any applications or webhooks leveraging these Legacy API Keys with one of the OAuth 2.0 methods OneTrust offers to prevent any interruption of service. If you are not making use of Legacy API Keys, no changes are required. For additional details, see End of Support for Legacy API Keys.

General

• New SCIM APIs: Added SCIM v3 APIs to support System for Cross-Domain Identity Management (SCIM) User & Group Provisioning. These APIs provide you with the ability to provision and deprovision users, provision user groups, and manage access for users by provisioning them to user groups. For more information, see SCIM User & Group Provisioning.
  • GET /v3/Groups New API
  • POST /v3/Groups New API
  • GET /v3/Groups/{groupId} New API
  • PUT /v3/Groups/{groupId} New API
  • DELETE /v3/Groups/{groupId} New API
  • PATCH /v3/Groups/{groupId} New API
  • GET /v3/Users New API
  • POST /v3/Users New API
  • GET /v3/Users/{id} New API
  • PUT /v3/Users/{id} New API
  • PATCH /v3/Users/{id} New API

Assessment Automation

• Added Parameters to Get Assessment Details API: Updated API to include primary record details (id, name, number, type) and the residualRiskScore, openRisksCount, inherentRiskScore, targetRiskScore, and lastUpdated parameters in the response.
  • GET/v2/assessments/{assessmentId}/export Updated API
• Added Parameters to Get Assessment List API: Updated API to include the residualRiskScore, openRisksCount, inherentRiskScore, targetRiskScore, and lastUpdated parameters in the response.
  • GET/v2/assessments Updated API
• Archive Assessments: Added API to archive a single or multiple active assessments. After archiving, assessments will be moved into the archive list.
  • PUT/v2/assessments/archive New API
• Unarchive Assessments: Added API to unarchive a single or multiple archived assessments. After unarchiving, assessments will be moved back to the active list.
  • PUT/v2/assessments/un-archive New API

Cookie Compliance

• Updated Query Parameter: Updated API to include website as a required query parameter. If the website parameter is not included, the API will return 0 results. If it is included without a value, the API will return all the websites in the account.
  • GET /v2/websites Updated API

Universal Consent & Preference Management

• Retrieve Historical Receipts: Updated the API with the includeArchived query parameter. This allows users to fetch historical receipts older than 90 days when used in conjunction with the identifier or receiptId parameters.
  • POST /api/consent/v2/receipts Updated API
• Find Data Subject Duplicates: Updated the API request body to accept custom data element names instead of GUIDs. This allows users to more easily find duplicate data subjects.
  • POST /api/datasubjects/v1/mergerequestschedule Updated API
• Reference Validation for Parent/Child Groups: Updated the API with an added validation to allow a child consent group to be added to a parent group only once. This update will present users with an error message to prevent the same child group from being passed into the parent group again.
  • POST /api/consent/v2/consent-groups/{consentGroupGuid}/consent-groups Updated API

DataDiscovery

• Create New Scan Profile: Added API to create new scan profiles for DataDiscovery. This allows users to define scan types, include-exclude paths, limits, and other settings for a specific data source.
  • POST/scan-profiles New API
• Get Scan Profile by ID: Added API to retrieve a scan profile by ID. This allows users to fetch any scan profile from the application by its unique ID.
  • GET/scan-profiles/{scanProfileId} New API
• Get List of Scan Profiles: Added API to retrieve the list of available scan profiles. This allows users to collect all existing scan profiles from the application based on the set criteria.
  • GET/scan-profiles New API