Skip to main content

Endpoint

POST /v1/dpdp/grievances

Authentication

Requires a developer API key in the Authorization header.

Request Headers

HeaderValue
AuthorizationBearer <api_key>
Content-Typeapplication/json

Request Body

FieldTypeRequiredDescription
dataPrincipalIdstringYesThe data principal filing the grievance
typestringYesGrievance type (e.g., "consent-violation", "data-breach", "unauthorized-processing")
descriptionstringYesDetailed description of the grievance
recordIdstringNoRelated consent record ID (if applicable)
evidenceobjectNoSupporting evidence as a JSON object

Example Request

curl -X POST https://grantex-auth-dd4mtrt2gq-uc.a.run.app/v1/dpdp/grievances \
  -H "Authorization: Bearer gx_..." \
  -H "Content-Type: application/json" \
  -d '{
    "dataPrincipalId": "user_abc123",
    "type": "unauthorized-processing",
    "description": "Data was processed beyond the consented purposes",
    "recordId": "cr_01HXYZ...",
    "evidence": {
      "observedAction": "marketing emails sent without consent",
      "timestamp": "2026-04-04T10:00:00.000Z"
    }
  }'

Response — 202 Accepted

{
  "grievanceId": "grv_01HXYZ...",
  "referenceNumber": "GRV-2026-00042",
  "type": "unauthorized-processing",
  "status": "submitted",
  "expectedResolutionBy": "2026-04-12T14:00:00.000Z",
  "createdAt": "2026-04-05T14:00:00.000Z"
}

Response Fields

FieldTypeDescription
grievanceIdstringUnique grievance ID
referenceNumberstringHuman-readable reference number (format: GRV-YYYY-NNNNN)
typestringGrievance type
statusstringInitial status: submitted
expectedResolutionBystringISO-8601 deadline for resolution (7 days from filing)
createdAtstringISO-8601 creation timestamp

Error Responses

StatusCodeDescription
400BAD_REQUESTMissing required fields (dataPrincipalId, type, description)
401UNAUTHORIZEDInvalid or missing API key

SDK Examples

import Grantex from '@grantex/sdk';

const grantex = new Grantex({ apiKey: 'gx_...' });

const grievance = await grantex.dpdp.fileGrievance({
  dataPrincipalId: 'user_abc123',
  type: 'unauthorized-processing',
  description: 'Data was processed beyond consented purposes',
  recordId: 'cr_01HXYZ...',
});
// grievance.referenceNumber → "GRV-2026-00042"