Data Privacy on API
Data posted to REST API
Any new data created or modified by the user on REST API is only visible to that particular user. Since token is only the key to identify the user, user should pass the token for GET requests also (otherwise user won't be able to view the data that he created or modified). This is done to protect the user privacy in case if user has posted any personal information. Everyday all existing data is deleted and created again with fake values.
API Logs
API logs created to trouble shoot in case of any issues. User can delete them at any time, if not deleted by user those will be deleted by system after 7 days
User Account Deletion
User has option to delete his own account with all data, in this case account will be scheduled for deletion in 24 hours. The following actions are performed during deletion.
- Access token are deleted.
- Any answers posted by the user in
Helpsection are deleted. - Any questions posted by the user in
Helpsection are deleted. - Any user created/modified data on the API end points
users,posts,commentsandtodosare deleted. - API access logs are deleted.
- Application will send a confirmation email to user
- User account is deleted.
Correct. Data you create or modify via the API is only visible when you pass your access token. Without the token, GET endpoints return only the public seed data.
This is by design for privacy - each API key has its own view of the data.