Getting started
Unova offers a complete privacy and compliance platform: DSARs (access, rectification, erasure), consents, cookie preferences, transparency, auditing and reporting – with a REST API, SDK, HMAC webhooks, KMS/BYOK and end-to-end encryption.
-
Step 1
Create your account
Legal, technology, cybersecurity and customer service/support team.
-
Step 2
Configure policies
Map systems, purposes, legal bases and retention rules for your data.
-
Step 3
Integrate
Use the SDK/REST, enable DSARs and publish/respond through the data subject portal.
Environments & endpoints
Base URL
Status
Authentication
Bearer / JWT
Send Authorization: Bearer <TOKEN> in every request.
Correlation
Use X-Request-Id (UUID) to link request↔response and logs.
Idempotency
Safe retries with X-Idempotency-Key.
REST endpoints
/v1/dsars
type=access
Request:
{não disponível}Response (200):
{não disponível}
Use receipt.signature as proof for auditing purposes.
/v1/dsars
type=rectification
{não disponível}
Optional: include changes with the fields and values to be corrected.
/v1/dsars
type=erasure
{não disponível}
Supports scope by systems/purposes while respecting retention rules.
/v1/dsars/{id}
/v1/consents
/v1/cookies/preferences
Defines preferences by category (e.g. essential, statistics, marketing) with proof of record.
{não disponível}/v1/cookies/preferences/{subjectId}
HMAC webhooks
Validate the signature via X-Unova-Signature using the raw body of the request.
dsar.updated, consent.changed, cookies.preference.changed, policy.updated…
{não disponível}Encryption & KMS
In transit & at rest
TLS 1.2+ in transit and AES-256 at rest (Cloud KMS). Usage logs and key rotation.
KMS / BYOK
Bring your own keys (BYOK) and control rotation and access cycles.
Field-level encryption
Field-level encryption via SDK (WebCrypto/Libsodium). Keys never leave your domain.
SDK & Examples
Install the official SDK and get started in minutes.
Installation
{não disponível}Create DSAR with SDK
{não disponível}Errors & Limits
Error pattern
{
"error": { "code": "invalid_request", "message": "Missing subjectId", "requestId": "7b5f6e5d-21d0..." }
}
We always return requestId in the error.
Rate limits
- 429 when the limit is exceeded.
-
Use
Retry-Afterfor exponential backoff. -
Idempotency is recommended with
X-Idempotency-Key.
Changelog
-
Webhook
policy.updated -
Support for
X-Idempotency-Keyin all POST requests - Audit improvements in the receipt
-
Endpoint
/v1/consentswith proof of record -
Scope fields in DSARs (
scope[])
- HMAC SHA-256 enabled in webhooks
- Public sandbox for testing
Quick FAQ
Which languages are supported?
SDKs in JS/TS, Python, PHP and Go. REST is available for any language.
How do I get my token?
In Settings → API on the Unova dashboard (appropriate roles are required).
Is there a sandbox environment?
Yes. Use https://api.sandbox.unova.digital for testing.
Blockchain/legal receipt?
Critical events can generate a signed receipt and an anchored hash for legal assurance.
