API Guide for DPOs

Welcome to the Daisy API documentation! This guide is designed to help Data Protection Officers and their technical teams understand how to integrate Daisy's GDPR compliance capabilities into your organization's workflows.

Accessing the Daisy Platform

As a DPO, you have two primary ways to access Daisy's capabilities:

1. Web Portal: User-friendly interface for direct creation and management of compliance documentation
2. API Integration: For embedding Daisy capabilities into your existing compliance management systems

This API documentation is primarily for your IT team or developers who will help integrate Daisy into your existing workflows.

Authentication and Security

API Key Management

Your organization will be provided with secure API credentials:

• API keys should only be shared with authorized personnel
• Each department can have separate keys with specific permissions
• All API access is logged for audit purposes
• Keys can be rotated regularly for enhanced security

Data Protection Measures

In accordance with GDPR Article 32, all API communications include:

• TLS 1.2+ encryption for all data in transit
• Strong authentication mechanisms
• Rate limiting to prevent unauthorized access attempts
• Comprehensive access logging
• Physical data isolation for your organization's information

Core API Capabilities for GDPR Compliance

Document Generation

Generate essential GDPR documentation:

• Data Protection Impact Assessments (Article 35)
• Records of Processing Activities (Article 30)
• Privacy Policies (Articles 13 & 14)
• Data Processing Agreements (Article 28)
• Breach Notification Templates (Articles 33 & 34)

Compliance Research

Access AI-powered research capabilities:

• Query GDPR requirements and interpretations
• Analyze EDPB guidelines and opinions
• Review relevant court decisions
• Monitor regulatory changes across EU member states

Data Mapping

Maintain comprehensive data flow documentation:

• Track cross-border data transfers
• Document data storage locations
• Map processor relationships
• Identify high-risk processing activities

Using the API with Your Compliance Tools

The Daisy API is designed to integrate with common tools in a DPO's workflow:

• GRC Platforms: Supplement your governance, risk, and compliance tools
• Privacy Management Software: Enhance existing privacy management capabilities
• Document Management Systems: Store generated documents in your existing repositories
• Ticketing Systems: Trigger document generation from compliance requests

API Concepts for Your Technical Team

When working with your IT department to implement Daisy, they should understand:

1. RESTful API: Standard HTTP methods and status codes
2. JSON Responses: Structured, easy-to-parse responses
3. Pagination: For handling large result sets
4. Rate Limiting: Fair usage policies to ensure service quality
5. Webhooks: For notifications about long-running processes

Getting Started

Your technical team can begin by:

1. Setting up secure API key storage
2. Testing the API in a development environment
3. Creating your first GDPR document through the API
4. Setting up automated workflows for routine compliance tasks

For detailed technical documentation, please refer your IT team to the specific endpoint guides linked below.

Available API Endpoints

• Legal Documents API - Generate and manage GDPR compliance documents
• Assets API - Store and manage compliance-related files
• Threads API - Manage ongoing compliance conversations
• WebSocket API - Real-time updates for compliance processes client = DaisyClient(api_key='your-api-key')

// Java DaisyClient client = new DaisyClient("your-api-key");

## Main API Endpoints

Daisy offers several API endpoints for different purposes:

### 1. Legal Documents API

Generate legal documents like DPIAs, privacy policies, and more:

```javascript
// Create a new DPIA document
const document = await daisy.legalDocuments.create({
  documentType: 'DPIA',
  companyName: 'Acme Inc.',
  dataProcessingDetails: {
    purpose: 'Customer data analysis',
    dataCategories: ['email', 'purchase history', 'browsing behavior'],
    legalBasis: 'legitimate_interest',
  },
});

// Get the generated document
console.log(document.content);

Learn more about Legal Documents API →

2. Deep Research API

Let AI research complex legal topics for you:

// Research a legal question
const research = await daisy.deepResearch.create({
  question: 'What are the GDPR requirements for collecting email addresses?',
  depth: 'comprehensive', // 'basic', 'standard', or 'comprehensive'
  jurisdiction: 'EU',
});

// Get the research results
console.log(research.summary);
console.log(research.references);

Learn more about Deep Research API →

3. WebSocket API

For real-time updates on document generation:

// Connect to WebSocket
const socket = daisy.connectWebSocket();

// Listen for document generation updates
socket.on('documentUpdate', (update) => {
  console.log(`Document ${update.documentId} status: ${update.status}`);
  console.log(`Progress: ${update.progress}%`);
});

Learn more about WebSocket API →

Rate Limits and Quotas

• Free tier: 100 API calls per month
• Starter plan: 1,000 API calls per month
• Business plan: 10,000 API calls per month
• Enterprise plan: Custom limits

Rate limiting is applied at 60 requests per minute.

Error Handling

All API responses follow standard HTTP status codes:

• 200 OK: Request succeeded
• 400 Bad Request: Invalid parameters
• 401 Unauthorized: Invalid API key
• 429 Too Many Requests: Rate limit exceeded
• 500 Server Error: Something went wrong on our end

Example error response:

{
  "error": {
    "code": "invalid_parameter",
    "message": "documentType is required",
    "param": "documentType"
  }
}

SDK Reference

For more detailed SDK documentation, visit:

• JavaScript/TypeScript SDK
• Python SDK
• Java SDK

Need Help?

• Contact Support
• API Troubleshooting Guide
• Community Forum
  • Message streaming
  • Live updates
  • Event handling

Authentication

All APIs require authentication using session-based auth. See the Authentication documentation for details.

Example authentication header:

Authorization: Bearer <jwt_token>

Common Patterns

Response Format

All APIs follow a consistent response format:

interface ApiResponse<T> {
  data?: T;
  error?: {
    code: string;
    message: string;
    details?: any;
  };
  meta?: {
    page?: number;
    limit?: number;
    total?: number;
  };
}

Error Handling

Standard HTTP status codes:

• 200: Success
• 400: Bad Request
• 401: Unauthorized
• 403: Forbidden
• 404: Not Found
• 500: Internal Server Error

Pagination

For paginated endpoints:

interface PaginationParams {
  page?: number; // Default: 1
  limit?: number; // Default: 10
  sort?: string; // Format: "field:direction"
}

interface PaginatedResponse<T> {
  data: T[];
  meta: {
    page: number;
    limit: number;
    total: number;
    pages: number;
  };
}

WebSocket Events

Common event patterns:

// Response events
interface ResponseEvent {
  threadId: string;
  content: string;
  messageId: string;
  type: 'ai' | 'tool';
}

// Completion events
interface CompletionEvent {
  threadId: string;
  status: 'completed' | 'failed';
}

Rate Limiting

API rate limits are enforced:

API	Limit	Window
General	100	per minute
Search	50	per minute
Generation	10	per minute

Headers provide rate limit info:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1625097600

API Versioning

APIs are versioned through URL prefixing:

/api/v1/threads
/api/v1/legal-documents

Version changelog:

• v1: Current stable version
• v2: In development (beta)

Best Practices

1. Error Handling

try {
  const response = await api.post('/threads', data);
} catch (error) {
  if (error.status === 401) {
    // Handle authentication error
  } else if (error.status === 429) {
    // Handle rate limiting
  }
  // Handle other errors
}

2. Pagination

// Fetch paginated results
const response = await api.get('/threads', {
  params: {
    page: 2,
    limit: 20,
    sort: 'createdAt:desc',
  },
});

3. Real-time Integration

// Connect to WebSocket
const socket = io(API_URL, {
  auth: { token: getAuthToken() },
});

// Listen for events
socket.on('daisy.event.message-response', handleMessage);
socket.on('daisy.event.message-response-finished', handleComplete);

Security Guidelines

1. Authentication

• Use secure tokens
• Implement refresh flow
• Monitor suspicious activity

2. Data Protection

• Validate all inputs
• Sanitize outputs
• Encrypt sensitive data

3. Error Handling

• Don't expose internals
• Log securely
• Rate limit failures

API Status

Monitor API status at:

• Status page: https://status.daisy.com
• System metrics: https://metrics.daisy.com

Getting Help

• API Support: api-support@daisy.com
• Documentation Issues: docs@daisy.com
• Stack Overflow Tag: daisy-api

Tools and SDKs

• Node.js SDK
• Python SDK
• Postman Collection

Changelog

Latest Changes

• 2025-04: Added Deep Research API
• 2025-03: Enhanced Legal Documents API
• 2025-02: Added real-time updates
• 2025-01: Initial API release