Request Lifecycle
Alpha
DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.
This guide connects the DSAR lifecycle into one operator-facing and subject-facing workflow.
Lifecycle Overview
1. Initialize and Intake
POST /initbootstraps runtime initialization when your deployment expects an explicit init step.POST /requestsrecords a request from an intake payload.POST /requests/capturecaptures the request and immediately returns due-date context in the lifecycle response.
See Init API and Core Request API.
2. Review, Explain, and Enrich
Operators typically use these endpoints while triaging the request:
GET /requestsGET /requests/:idGET /requests/:id/timelineGET /requests/:id/clock/explainPUT /requests/:id/requestorPOST /requests/:id/clarifications/requestPOST /requests/:id/clarifications/receivePOST /requests/:id/extensionsPOST /requests/:id/refusalsPOST /requests/:id/acknowledgementsPOST /requests/:id/closures
See Core Request API.
3. Verify Identity or Authority
If policy or risk requires stronger proof:
POST /requests/:id/authority/submitPOST /requests/:id/authority/approvePOST /requests/:id/authority/rejectPOST /requests/:id/verification/requestPOST /requests/:id/verification/evidencePOST /requests/:id/verification/evidence/uploadPOST /requests/:id/verification/approvePOST /requests/:id/verification/rejectGET /requests/:id/verification-case
See Verification API.
4. Assemble the Fulfilment Package
Once the request is moving toward completion:
GET /requests/:id/manifestPOST /requests/:id/manifest/validatePOST /requests/:id/manifest/artifact/uploadGET /requests/:id/manifest/artifact/downloadPUT /requests/:id/manifest/artifact/:artifactId/replacePOST /requests/:id/fulfilmentPOST /requests/:id/fulfilment/callback
See Manifest API and Delivery API.
5. Deliver and Track Access
DSAR supports prepared delivery plus token-gated access:
POST /requests/:id/delivery/preparePOST /requests/:id/delivery/address/verifyPOST /requests/:id/delivery/step-up/challengePOST /requests/:id/delivery/step-up/completeGET /requests/:id/artifacts/:artifactId/downloadGET /requests/:id/delivery/logs
See Delivery API.
6. Appeal, Audit, and Notifications
After delivery, the request may still branch into follow-up workflows:
POST /requests/:id/appealsGET /requests/:id/appealsPOST /requests/:id/appeals/:appealId/decideGET /requests/:id/audit/exportPOST /requests/:id/audit/verifyGET /requests/:id/notificationsPOST /requests/:id/notifications/:eventId/replay
See Appeals API, Audit API, and Core Request API.
Auth Reminder
Verification routes are workflow controls, not a browser login system. Keep machine credentials on the server side and use trusted host identity projection for dashboard or portal experiences when the host product already authenticated the user.
See Auth Model.