How APIs Help Protect Consumers & Modernize Companies · © 2019 Adobe. All Rights Reserved. Adobe...

© 2019 Adobe. All Rights Reserved. Adobe Confidential.

How APIs Help Protect Consumers & Modernize Companies Ron Nagy | Sr Product Marketing Manager, Adobe I/O @ronnag

y


EXPERIENCES MATTER MORE THAN EVER

3

© 2019 Adobe. All Rights Reserved. Adobe Confidential. 4

Integration is Critical for Digital Experiences

Customers need their content and

data to connect to customer touch

points.


A cohesive set of tools and services that

enable customers and partners to extend

and integrate Adobe products.

Adobe I/O

5


Extensibility Products

Adobe I/O

6

Documentati

on &

Discovery

Access &

Integration

Extend Adobe’s

platform and

solutions through

serverless

functions.

Use webhooks to

receive near-real

time events from

Adobe solutions

Adobe I/O

Runtime

Adobe I/O

Events Creative Cloud

Document Cloud

Experience Cloud

Flexibly integrate

with Adobe’s

products and

solutions

Adobe I/O

API Gateway

Adobe I/O

Console

Adobe.io

Website

JavaScript Helper

Library for Simplified

Development

Local

Development,

Build and

Automation

Adobe I/O CLI

Adobe I/O SDK

© 2019 Adobe. All Rights Reserved. Adobe Confidential. © 2019 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.

7

Adobe Experience Platform

Adobe Analytics Cloud Adobe Advertising Cloud Adobe Marketing Cloud Adobe Commerce Cloud

Adobe Analytics

Adobe Audience

Manager

Adobe Experience

Manager

Adobe Campaign Marketo Engage

Adobe

Target

Magento Commerce

Adobe Sensei

Search DSP

TV Creative

Adobe Experience Cloud


Thoughtful API

and system

design speed

compliance

Expanding Global

Privacy

Regulations

Event based

systems

streamline

notifications

Effective 25 May 2018

Expanded definition of personal

data Strengthened consent

requirements Focus on individual rights

Fines up to 4% of annual revenue

GDPR

Overview

All systems that handle EU data are within GDPR’s scope.

Our Mission

Around

Privacy These are the four core

tenets of Adobe’s mission

vis a vis Privacy Service

Help you build and sustain trust with

your clients

Grow our strong privacy partnership

with data controllers, and

partners

As a processor, protect and respect the data entrusted

to us

Help controllers responsibly unlock the power of data

BRAND’S

RESPONSIBILI

TY

Laura

DATA SUBJECT

CONSENT

TECHNOLOGY

PROVIDER’S

RESPONSIBILIT

Y

SHARED

RESPONSIBIL

ITY

Privacy Service Request

Example

Adobe has Partnerships

with Multiple Consent

Managers

Evidon 1

OneTrust 2

TrustArc 3

Ensure data is

labeled

Labeling data allows Data Controllers to determine which data will be included in the processing of a GDPR request

Labeling data is the first step in answering GDPR requests

Capture IDs in

Adobe Products

Easily

For Adobe’s Privacy Service

API to process requests it

requires IDs

Consider deploying Adobe’s Privacy Service ID retrieval tag on your privacy portal 2

Adobe’s Privacy Service ID retrieval tag is a lightweight JavaScript library to collect visitors’ Adobe IDs

1

Privacy Service Overview

Laura

Data

Subject

Privacy Team

Data Controller

Adobe

Experience

Cloud

Data Processor

Delete/Access/Status

Capture Adobe IDs

Consent 1

UI/API Query 4

5 Return via API 6 Response

Data Labeling 2

GDPR Request 3


Privacy Service User

Interface

Privacy Service API

Privacy Team

Data Controller

Adobe

Experience

Cloud

Data Processor

Delete

Access

Status

Send Request

Return response

Privacy Service API


• Facilitates customer automation and batch submissions

• Publicly available through Adobe I/O

• Simple interface using REST API’s

API Name Method Type Description

Access POST Access requests for central service to retrieve all data

corresponding with provided user id's

Delete POST Delete request for central service to delete all data

corresponding with provided user id's

Status GET Retrieve the status of a job

Status (all) GET Retrieve all job statuses for the requesting user

Privacy Service API


Submissions are driven through the

organization identifier, though legacy account

IDs are also accepted

organization ID – one per request

Multiple data subject ID’s may be submitted in a

single request

they will be broken into individual jobs per unique data

subject ID within the GDPR API

IDs collected by the customer, from their data

subjects or through the Adobe tools, are

submitted as requests to the GDPR API

Multiple IDs per data subject may be submitted as a

collection

Product-specific requests instruct Adobe as to

where the data needs to be processed

Privacy Service API Request

Example {

"companyContexts": [

{ "namespace": "imsOrgID",

"value": "123456789@AdobeOrg" }

],

"users": [

{ "key": "user_1234",

"action": ["access"],

"userIDs": [

{ "namespace": "email",

"value": "[email protected]",

"type": "standard"

}, {

"namespace": "ECID",

"type":"standard",

"value":"443636576799"

}

],

"include":["Analytics","AudienceManager"]

}


GDPR Central Service Architecture

20

Privacy

Service

UI

3rd party

automation

(API Access)

Privacy

Service

API

Adobe I/O

API

Gateway

Kafka

Pipeline

Experience

Cloud Products

…

Potential

Drawbacks in

current API model

Privacy Team

Data Controller

Adobe

Experience

Cloud

Data Processor

Delete

Access

Status

Send GDPR Request

Return response

Privacy Service API

Return response

Return response

Return response


Streamline process

with APIs & Cloud

events

22

Serverless compute

to run custom code

that consumes those

Events and

manipulates the APIs

APIs to

manipulate data

and flows

Events to

react in real

time to

system

changes

Adobe I/O Runtime

Adobe I/O

Events

Adobe I/O

API

Gateway


How I/O Events work

23

I/O Events Bus

Webhook Journaling API

Event

Consume

r

Privacy

Service (GDPR)

Event

Consume

r

Creative

Cloud

Assets

AEM Events Experienc

e

Events

Data &

Profile

Events

AEM Cloud

Manager

Analytics

Triggers


We are compliant!

24

A specification for describing event data in a common way


Enables brands to listen for responses thus

cutting down on traffic and noise.

Compliant to Cloud Events spec 0.3

Key message type encoded into the type field

jobcomplete: All solutions have completed their work (if

required), and the overall job status is set to

COMPLETE.

joberror: At least one solution has reported an error and

the overall job status is set to ERROR.

productcomplete: One of the solutions has completed its

work and reported back to the central service.

producterror: One of the solutions has reported back

with an error of some kind.

Privacy Service API Event Response

Example

{

"specversion": "0.3",

"type": "com.adobe.platform.gdpr.jobcompl

ete",

"source": "https://ns.adobe.com/platform/gd

pr", "id": "639fd17a-d0bb-40ca-

83a4…",

"time": "2018-04-05T17:31:00Z",

"data": {

"imsOrg": "A71B5B5B54F607AB

0A4C98A 2@AdobeOrg",

"value":

{

"jobId": "68b2f3df-0bed-42a2-

a21b- 72ac94bf549c",

"message": "success"

}

}

}


Thoughtful API

and system

design speed

compliance

Expanding Global

Privacy

Regulations

Event based

systems

streamline

notifications

How APIs Help Protect Consumers & Modernize Companies · © 2019 Adobe. All Rights Reserved. Adobe...

Documents

Transcript of How APIs Help Protect Consumers & Modernize Companies · © 2019 Adobe. All Rights Reserved. Adobe...