{ "version": "1", "name": "DPOKit WordPress REST API", "type": "collection", "description": "Bruno collection for the DPOKit WordPress REST API (dpo-kit/v1 namespace).\nImport this file into Bruno (https://usebruno.com) to explore and test plugin REST endpoints.\n\nSet WP_BASE_URL to your WordPress site URL and WP_APP_PASSWORD to a WordPress Application Password.", "items": [ { "uid": "consent-status", "type": "http", "name": "GET Consent Status", "request": { "method": "GET", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/consent/status", "headers": [], "body": { "mode": "none" }, "auth": { "mode": "none" } }, "docs": "Returns the consent banner configuration and available categories. Public endpoint — no authentication required.\n\nUse this in headless/decoupled setups to render a custom consent UI.\n\nResponse fields:\n- enabled (boolean)\n- categories: { functional, analytics, marketing, personalisation }\n- settings: position, title, message, accept_text, reject_text, expiry_days, privacy_url" }, { "uid": "consent-record", "type": "http", "name": "POST Record Consent", "request": { "method": "POST", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/consent", "headers": [ { "name": "Content-Type", "value": "application/json", "enabled": true } ], "body": { "mode": "json", "json": "{\n \"visitor_id\": \"abc123\",\n \"categories_accepted\": [\"functional\", \"analytics\"],\n \"categories_rejected\": [\"marketing\", \"personalisation\"],\n \"consent_action\": \"manage\"\n}" }, "auth": { "mode": "none" } }, "docs": "Records a consent decision from the front-end. Public endpoint — called automatically by the consent banner JavaScript.\n\nValid consent_action values: accept_all, reject_all, manage." }, { "uid": "consent-records-list", "type": "http", "name": "GET Consent Records", "request": { "method": "GET", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/consent/records?per_page=20&offset=0", "headers": [ { "name": "Authorization", "value": "Basic {{WP_APP_PASSWORD}}", "enabled": true } ], "body": { "mode": "none" }, "auth": { "mode": "none" } }, "docs": "Lists consent records. Admin endpoint.\n\nAuthentication: WordPress Application Password (Basic Auth) or X-WP-Nonce header.\n\nQuery params: consent_action, date_from, date_to, search, per_page, offset." }, { "uid": "consent-stats", "type": "http", "name": "GET Consent Stats", "request": { "method": "GET", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/consent/stats", "headers": [ { "name": "Authorization", "value": "Basic {{WP_APP_PASSWORD}}", "enabled": true } ], "body": { "mode": "none" }, "auth": { "mode": "none" } }, "docs": "Returns aggregate consent statistics: totals, breakdown by action, and category acceptance rates.\n\nAuthentication: WordPress Application Password." }, { "uid": "dsar-intake", "type": "http", "name": "POST DSAR Intake", "request": { "method": "POST", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/dsar/intake", "headers": [ { "name": "Content-Type", "value": "application/json", "enabled": true } ], "body": { "mode": "json", "json": "{\n \"request_type\": \"access\",\n \"first_name\": \"Jane\",\n \"last_name\": \"Doe\",\n \"email\": \"jane@example.com\",\n \"additional_info\": \"Please include all marketing communications.\"\n}" }, "auth": { "mode": "none" } }, "docs": "Submits a Data Subject Access Request from a headless front-end. Public endpoint.\n\nValid request_type values: access, deletion, rectification, portability, objection\n\nSpam protection: omit the X-PV-HP-Check header (bots that include all headers will be rejected).\n\nReturns: id, reference (e.g. DSR-20260311-A1B2C3), deadline_date, message." }, { "uid": "dsar-status", "type": "http", "name": "GET DSAR Status", "request": { "method": "GET", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/dsar/status?reference=DSR-20260311-A1B2C3&email=jane%40example.com", "headers": [], "body": { "mode": "none" }, "auth": { "mode": "none" } }, "docs": "Returns the status of a DSAR case. Public endpoint — requires both reference and email to prevent enumeration.\n\nQuery params:\n- reference (required): e.g. DSR-20260311-A1B2C3\n- email (required): the email used to submit the request." }, { "uid": "scanner-start", "type": "http", "name": "POST Scanner Start", "request": { "method": "POST", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/scanner/start", "headers": [ { "name": "Authorization", "value": "Basic {{WP_APP_PASSWORD}}", "enabled": true }, { "name": "Content-Type", "value": "application/json", "enabled": true } ], "body": { "mode": "json", "json": "{\n \"scan_depth\": 50\n}" }, "auth": { "mode": "none" } }, "docs": "Starts a new site scan and returns a scan_id and list of URLs to crawl.\n\nAuthentication: WordPress Application Password." }, { "uid": "retention-run", "type": "http", "name": "POST Retention Run (Dry Run)", "request": { "method": "POST", "url": "{{WP_BASE_URL}}/wp-json/dpo-kit/v1/retention/run", "headers": [ { "name": "Authorization", "value": "Basic {{WP_APP_PASSWORD}}", "enabled": true }, { "name": "Content-Type", "value": "application/json", "enabled": true } ], "body": { "mode": "json", "json": "{\n \"dry_run\": true\n}" }, "auth": { "mode": "none" } }, "docs": "Triggers a retention enforcement run in dry-run mode (no data is deleted). Remove dry_run or set to false to execute for real.\n\nAuthentication: WordPress Application Password." } ], "environments": [ { "name": "Production", "variables": [ { "name": "WP_BASE_URL", "value": "https://your-wordpress-site.com", "enabled": true }, { "name": "WP_APP_PASSWORD", "value": "base64(username:app_password_here)", "enabled": true } ] }, { "name": "Local Development", "variables": [ { "name": "WP_BASE_URL", "value": "http://localhost:8080", "enabled": true }, { "name": "WP_APP_PASSWORD", "value": "base64(admin:app_password_here)", "enabled": true } ] } ] }