Transcend CLI

A command line interface that allows you to programatically interact with the Transcend.

Changelog

To stay up to date on breaking changes to the CLI between major version updates, please refer to CHANGELOG.md.

Installation

This package is distributed through npm, and assumes an installation of npm and Node.

``sh npm install --global @transcend-io/cli transcend --help`

You can also run the CLI using npx:

`sh npx -p @transcend-io/cli -- transcend --help`

Note

_The CLI commands which interact with Transcend's API will default to using Transcend's EU backend. To use these commands with the US backend, you will need to add the flag --transcendUrl=https://api.us.transcend.io. You can also set the environment variable TRANSCEND_API_URL=https://api.us.transcend.io_

`transcend.yml`

Within your git repositories, you can define a file transcend.yml. This file allows you define part of your Data Map in code. Using the CLI, you can sync that configuration back to the Transcend Admin Dashboard (https://app.transcend.io/privacy-requests/connected-services).

You can find various examples for your transcend.yml file in the examples/ folder. If you are looking for a starting point to copy and paste, simple.yml is a good place to start. This file is annotated with links and documentations that new members of your team can use if they come across the file.

The API for this YAML file can be found in ./src/codecs.ts under the variable named "TranscendInput". The shape of the YAML file will be type-checked every time a command is run.

By default, your editor or IDE should recognize transcend.yml and validate it against our latest published JSON schema. This is dependent on whether your editor uses yaml-language-server, such as through the VS Code YAML extension.

Your editor will use the latest version's schema. To pin the transcend.yml schema to a previous major version, include this at the top of your file (and change v4 to your target major version):

`yml

`yaml-language-server: $schema=https://raw.githubusercontent.com/transcend-io/cli/main/transcend-yml-schema-v4.json`

The structure of transcend.yml looks something like the following:

`yaml

`Manage at: https://app.transcend.io/infrastructure/api-keys`


See https://docs.transcend.io/docs/authentication

Define API keys that may be shared across data silos

in the data map. When creating new data silos through the YAML

CLI, it is possible to specify which API key should be associated

with the newly created data silo.

api-keys:
  - title: Webhook Key
  - title: Analytics Key
Manage at: https://app.transcend.io/privacy-requests/identifiers

See https://docs.transcend.io/docs/identity-enrichment

Define enricher or pre-flight check webhooks that will be executed

prior to privacy request workflows. Some examples may include:

  - identity enrichment: look up additional identifiers for that user.

                         i.e. map an email address to a user ID

  - fraud check: auto-cancel requests if the user is flagged for fraudulent behavior

  - customer check: auto-cancel request for some custom business criteria

enrichers:
  - title: Basic Identity Enrichment
    description: Enrich an email address to the userId and phone number
    url: https://example.acme.com/transcend-enrichment-webhook
    input-identifier: email
    output-identifiers:
      - userId
      - phone
      - myUniqueIdentifier
  - title: Fraud Check
    description: Ensure the email address is not marked as fraudulent
    url: https://example.acme.com/transcend-fraud-check
    input-identifier: email
    output-identifiers:
      - email
    privacy-actions:
      - ERASURE
Manage at: https://app.transcend.io/privacy-requests/connected-services

See https://docs.transcend.io/docs/the-data-map#data-silos

Define the data silos in your data map. A data silo can be a database,

or a web service that may use a collection of different data stores under the hood.

data-silos:
  # Note: title is the only required top-level field for a data silo
  - title: Redshift Data Warehouse
    description: The mega-warehouse that contains a copy over all SQL backed databases
    integrationName: server
    url: https://example.acme.com/transcend-webhook
    api-key-title: Webhook Key
    data-subjects:
      - customer
      - employee
      - newsletter-subscriber
      - b2b-contact
    identity-keys:
      - email
      - userId
    deletion-dependencies:
      - Identity Service
    owners:
      - alice@transcend.io
    datapoints:
      - title: Webhook Notification
        key: _global
        privacy-actions:
          - ACCESS
          - ERASURE
          - SALE_OPT_OUT
      - title: User Model
        description: The centralized user model user
        key: users
        privacy-actions:
          - ACCESS
        fields:
          - key: firstName
            title: First Name
            description: The first name of the user, inputted during onboarding
          - key: email
            title: Email
            description: The email address of the user


Usage
$3

Bulk approve a set of privacy requests from the DSR Automation -> Incoming Requests tab.

FLAGS --auth The Transcend API key. Requires scopes: "Request Approval and Communication", "View Incoming Requests", "Manage Request Compilation" --actions The request actions to approve [AUTOMATED_DECISION_MAKING_OPT_OUT|USE_OF_SENSITIVE_INFORMATION_OPT_OUT|CONTACT_OPT_OUT|SALE_OPT_OUT|TRACKING_OPT_OUT|CUSTOM_OPT_OUT|AUTOMATED_DECISION_MAKING_OPT_IN|USE_OF_SENSITIVE_INFORMATION_OPT_IN|SALE_OPT_IN|TRACKING_OPT_IN|CONTACT_OPT_IN|CUSTOM_OPT_IN|ACCESS|ERASURE|RECTIFICATION|RESTRICTION|BUSINESS_PURPOSE|PLACE_ON_LEGAL_HOLD|REMOVE_FROM_LEGAL_HOLD, separator = ,] [--origins] The request origins to approve [PRIVACY_CENTER|ADMIN_DASHBOARD|API|SHOPIFY, separator = ,] [--silentModeBefore] Any requests made before this date should be marked as silent mode [--createdAtBefore] Approve requests that were submitted before this time [--createdAtAfter] Approve requests that were submitted after this time [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] [--concurrency] The concurrency to use when uploading requests in parallel [default = 50] -h --help Print help information and exit`

#### Examples

Bulk approve all SALE_OPT_OUT and ERASURE requests

`sh transcend request approve --auth="$TRANSCEND_API_KEY" --actions=SALE_OPT_OUT,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request approve --auth="$TRANSCEND_API_KEY" --actions=ERASURE --transcendUrl=https://api.us.transcend.io`

Approve all Erasure requests that came through the API

`sh transcend request approve --auth="$TRANSCEND_API_KEY" --actions=ERASURE --origins=API`

Approve all requests, but mark any request made before 05/03/2023 as silent mode to prevent emailing those requests

`sh transcend request approve \ --auth="$TRANSCEND_API_KEY" \ --actions=SALE_OPT_OUT \ --silentModeBefore=2025-05-03T00:00:00.000Z`

Increase the concurrency (defaults to 50)

`sh transcend request approve --auth="$TRANSCEND_API_KEY" --actions=ERASURE --concurrency=100`

Approve ERASURE requests created within a specific time frame

`sh transcend request approve \ --auth="$TRANSCEND_API_KEY" \ --actions=SALE_OPT_OUT \ --createdAtBefore=2025-05-03T00:00:00.000Z \ --createdAtAfter=2025-04-03T00:00:00.000Z`

`$3`

`txt USAGE transcend request upload (--auth value) [--file value] [--transcendUrl value] [--cacheFilepath value] [--requestReceiptFolder value] [--sombraAuth value] [--concurrency value] [--attributes value] [--isTest] [--isSilent] [--skipSendingReceipt] [--emailIsVerified] [--skipFilterStep] [--dryRun] [--debug] [--defaultPhoneCountryCode value] transcend request upload --help

Upload a set of requests from a CSV.

This command prompts you to map the shape of the CSV to the shape of the Transcend API. There is no requirement for the shape of the incoming CSV, as the script will handle the mapping process.

The script will also produce a JSON cache file that allows for the mappings to be preserved between runs.

FLAGS --auth The Transcend API key. Requires scopes: "Submit New Data Subject Request", "View Identity Verification Settings", "View Global Attributes" [--file] Path to the CSV file of requests to upload [default = ./requests.csv] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] [--cacheFilepath] The path to the JSON file encoding the metadata used to map the CSV shape to Transcend API [default = ./transcend-privacy-requests-cache.json] [--requestReceiptFolder] The path to the folder where receipts of each upload are stored [default = ./privacy-request-upload-receipts] [--sombraAuth] The Sombra internal key, use for additional authentication when self-hosting Sombra [--concurrency] The concurrency to use when uploading requests in parallel [default = 50] [--attributes] Tag all of the requests with the following attributes. Format: key1:value1;value2,key2:value3;value4 [default = Tags:transcend-cli] [--isTest] Flag whether the requests being uploaded are test requests or regular requests [default = false] [--isSilent/--noIsSilent] Flag whether the requests being uploaded should be submitted in silent mode [default = true] [--skipSendingReceipt] Flag whether to skip sending of the receipt email [default = false] [--emailIsVerified/--noEmailIsVerified] Indicate whether the email address being uploaded is pre-verified. Set to false to send a verification email [default = true] [--skipFilterStep] When true, skip the interactive step to filter down the CSV [default = false] [--dryRun] When true, perform a dry run of the upload instead of calling the API to submit the requests [default = false] [--debug] Debug logging [default = false] [--defaultPhoneCountryCode] When uploading phone numbers, if the phone number is missing a country code, assume this country code [default = 1] -h --help Print help information and exit`

See a demo of the interactive mapping processbelow (_note: the command is slightly different from the one shown in the video, but the arguments are the same._)

https://user-images.githubusercontent.com/10264973/205477183-d4762087-668c-43f1-a84c-0fce0ec3e132.mov

#### Examples

Upload requests from a CSV file

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv`

For self-hosted sombras that use an internal key

`sh transcend request upload \ --auth="$TRANSCEND_API_KEY" \ --sombraAuth="$SOMBRA_INTERNAL_KEY" \ --file=/Users/transcend/Desktop/test.csv`

Run without being prompted to filter requests

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv --skipFilterStep`

Perform a dry run to see what will be uploaded, without calling the Transcend API

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv --dryRun`

Mark the uploaded requests as test requests

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv --isTest`

Send email communications to the users throughout the request lifecycle

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv --isSilent=false`

Upload requests without sending initial email receipt, but still send later emails

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv --skipSendingReceipt`

Increase the concurrency (defaults to 50)

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv --concurrency=100`

Specify default country code for phone numbers

`sh transcend request upload \ --auth="$TRANSCEND_API_KEY" \ --file=/Users/transcend/Desktop/test.csv \ --defaultPhoneCountryCode=44`

Include debug logs - warning, this logs out personal data

`sh transcend request upload --auth="$TRANSCEND_API_KEY" --file=/Users/transcend/Desktop/test.csv --debug`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request upload \ --auth="$TRANSCEND_API_KEY" \ --sombraAuth="$SOMBRA_INTERNAL_KEY" \ --file=/Users/transcend/Desktop/test.csv \ --transcendUrl=https://api.us.transcend.io`

Send email verification to user before request continues

`sh transcend request upload \ --auth="$TRANSCEND_API_KEY" \ --file=/Users/transcend/Desktop/test.csv \ --isSilent=false \ --emailIsVerified=false`

Tag all uploaded requests with custom fields (formerly known as "attributes")

`sh transcend request upload \ --auth="$TRANSCEND_API_KEY" \ --file=/Users/transcend/Desktop/test.csv \ --attributes=Tags:transcend-cli;my-customer-tag,Customer:acme-corp`

`$3`

Download the files associated with a Data Subject Access Request (DSAR) from DSR Automation -> Incoming Requests tab.

FLAGS --auth The Transcend API key. Requires scopes: "View the Request Compilation", "View Incoming Requests", "Request Approval and Communication" [--sombraAuth] The Sombra internal key, use for additional authentication when self-hosting Sombra [--concurrency] The concurrency to use when downloading requests in parallel [default = 10] [--requestIds]... Specify the specific request IDs to download [separator = ,] [--statuses] The request statuses to download. Comma-separated list. Defaults to APPROVING,DOWNLOADABLE. [REQUEST_MADE|FAILED_VERIFICATION|ENRICHING|ON_HOLD|WAITING|COMPILING|APPROVING|DELAYED|COMPLETED|DOWNLOADABLE|VIEW_CATEGORIES|CANCELED|SECONDARY|SECONDARY_COMPLETED|SECONDARY_APPROVING|REVOKED, separator = ,] [--folderPath] The folder to download files to [default = ./dsr-files] [--createdAtBefore] Download requests that were submitted before this time [--createdAtAfter] Download requests that were submitted after this time [--approveAfterDownload] If the request is in status=APPROVING, approve the request after its downloaded [default = false] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] -h --help Print help information and exit`

Download the files associated with a Data Subject Access Request (DSAR) from DSR Automation -> Incoming Requests tab.

#### Examples

Download all requests in status=APPROVING or status=DOWNLOADABLE

`sh transcend request download-files --auth="$TRANSCEND_API_KEY"`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request download-files --auth="$TRANSCEND_API_KEY" --transcendUrl=https://api.us.transcend.io`

Write files to a specific folder on disk

`sh transcend request download-files --auth="$TRANSCEND_API_KEY" --folderPath=./my-folder`

Auto approve after download

`sh transcend request download-files --auth="$TRANSCEND_API_KEY" --approveAfterDownload`

Download requests in APPROVING state only

`sh transcend request download-files --auth="$TRANSCEND_API_KEY" --statuses=APPROVING`

Increase the concurrency (defaults to 10)

`sh transcend request download-files --auth="$TRANSCEND_API_KEY" --concurrency=100`

Download requests in a timeframe

`sh transcend request download-files \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-05-03T00:00:00.000Z \ --createdAtAfter=2025-04-03T00:00:00.000Z`

Download specific requests

`sh transcend request download-files \ --auth="$TRANSCEND_API_KEY" \ --requestIds=b8c2ce13-9e40-4104-af79-23c68f2a87ba,d5eedc52-0f85-4034-bc01-14951acad5aa`

`$3`

Bulk cancel a set of privacy requests from the DSR Automation -> Incoming Requests tab.

FLAGS --auth The Transcend API key. Requires scopes: "View Incoming Requests", "Request Approval and Communication" --actions The request actions to cancel [AUTOMATED_DECISION_MAKING_OPT_OUT|USE_OF_SENSITIVE_INFORMATION_OPT_OUT|CONTACT_OPT_OUT|SALE_OPT_OUT|TRACKING_OPT_OUT|CUSTOM_OPT_OUT|AUTOMATED_DECISION_MAKING_OPT_IN|USE_OF_SENSITIVE_INFORMATION_OPT_IN|SALE_OPT_IN|TRACKING_OPT_IN|CONTACT_OPT_IN|CUSTOM_OPT_IN|ACCESS|ERASURE|RECTIFICATION|RESTRICTION|BUSINESS_PURPOSE|PLACE_ON_LEGAL_HOLD|REMOVE_FROM_LEGAL_HOLD, separator = ,] [--statuses] The request statuses to cancel. Comma-separated list. [REQUEST_MADE|FAILED_VERIFICATION|ENRICHING|ON_HOLD|WAITING|COMPILING|APPROVING|DELAYED|COMPLETED|DOWNLOADABLE|VIEW_CATEGORIES|CANCELED|SECONDARY|SECONDARY_COMPLETED|SECONDARY_APPROVING|REVOKED, separator = ,] [--requestIds]... Specify the specific request IDs to cancel [separator = ,] [--silentModeBefore] Any requests made before this date should be marked as silent mode for canceling to skip email sending [--createdAtBefore] Cancel requests that were submitted before this time [--createdAtAfter] Cancel requests that were submitted after this time [--cancellationTitle] The title of the email template that should be sent to the requests upon cancelation [default = Request Canceled] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] [--concurrency] The concurrency to use when uploading requests in parallel [default = 50] -h --help Print help information and exit`

#### Examples

Bulk cancel all open SALE_OPT_OUT and ERASURE requests

`sh transcend request cancel --auth="$TRANSCEND_API_KEY" --actions=SALE_OPT_OUT,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request cancel --auth="$TRANSCEND_API_KEY" --actions=ERASURE --transcendUrl=https://api.us.transcend.io`

Bulk cancel all Erasure (request.type=ERASURE) requests that are in an enriching state (request.status=ENRICHING)

`sh transcend request cancel --auth="$TRANSCEND_API_KEY" --actions=ERASURE --statuses=ENRICHING`

Send a specific email template to the request that are being canceled

`sh transcend request cancel --auth="$TRANSCEND_API_KEY" --actions=ERASURE --cancellationTitle="Custom Email Template"`

Cancel all open SALE_OPT_OUT, but mark any request made before 05/03/2023 as silent mode to prevent emailing those requests

`sh transcend request cancel \ --auth="$TRANSCEND_API_KEY" \ --actions=SALE_OPT_OUT \ --silentModeBefore=2025-05-03T00:00:00.000Z`

Cancel all open SALE_OPT_OUT, within a specific time frame

`sh transcend request cancel \ --auth="$TRANSCEND_API_KEY" \ --actions=SALE_OPT_OUT \ --createdAtBefore=2025-05-03T00:00:00.000Z \ --createdAtAfter=2025-04-03T00:00:00.000Z`

Increase the concurrency (defaults to 50)

`sh transcend request cancel --auth="$TRANSCEND_API_KEY" --actions=ERASURE --concurrency=500`

Bulk cancel requests by ID

`sh transcend request cancel \ --auth="$TRANSCEND_API_KEY" \ --actions=ACCESS,ERASURE,SALE_OPT_OUT,CONTACT_OPT_OUT \ --statuses=ENRICHING,COMPILING,APPROVING,WAITING,REQUEST_MADE,ON_HOLD,DELAYED,SECONDARY \ --requestIds=c3ae78c9-2768-4666-991a-d2f729503337,342e4bd1-64ea-4af0-a4ad-704b5a07cfe4`

`$3`

Bulk update a set of privacy requests based on a set of request filters.

FLAGS --auth The Transcend API key. Requires scopes: "Submit New Data Subject Request", "View the Request Compilation" --actions The request actions to restart [AUTOMATED_DECISION_MAKING_OPT_OUT|USE_OF_SENSITIVE_INFORMATION_OPT_OUT|CONTACT_OPT_OUT|SALE_OPT_OUT|TRACKING_OPT_OUT|CUSTOM_OPT_OUT|AUTOMATED_DECISION_MAKING_OPT_IN|USE_OF_SENSITIVE_INFORMATION_OPT_IN|SALE_OPT_IN|TRACKING_OPT_IN|CONTACT_OPT_IN|CUSTOM_OPT_IN|ACCESS|ERASURE|RECTIFICATION|RESTRICTION|BUSINESS_PURPOSE|PLACE_ON_LEGAL_HOLD|REMOVE_FROM_LEGAL_HOLD, separator = ,] --statuses The request statuses to restart [REQUEST_MADE|FAILED_VERIFICATION|ENRICHING|ON_HOLD|WAITING|COMPILING|APPROVING|DELAYED|COMPLETED|DOWNLOADABLE|VIEW_CATEGORIES|CANCELED|SECONDARY|SECONDARY_COMPLETED|SECONDARY_APPROVING|REVOKED, separator = ,] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] [--requestReceiptFolder] The path to the folder where receipts of each upload are stored [default = ./privacy-request-upload-receipts] [--sombraAuth] The Sombra internal key, use for additional authentication when self-hosting Sombra [--concurrency] The concurrency to use when uploading requests in parallel [default = 15] [--requestIds]... Specify the specific request IDs to restart [separator = ,] [--emailIsVerified/--noEmailIsVerified] Indicate whether the primary email address is verified. Set to false to send a verification email [default = true] [--createdAt] Restart requests that were submitted before a specific date [--silentModeBefore] Requests older than this date should be marked as silent mode [--createdAtBefore] Restart requests that were submitted before this time [--createdAtAfter] Restart requests that were submitted after this time [--sendEmailReceipt] Send email receipts to the restarted requests [default = false] [--copyIdentifiers] Copy over all enriched identifiers from the initial request [default = false] [--skipWaitingPeriod] Skip queued state of request and go straight to compiling [default = false] -h --help Print help information and exit`

#### Examples

Restart requests with specific statuses and actions

`sh transcend request restart --auth="$TRANSCEND_API_KEY" --statuses=COMPILING,ENRICHING --actions=ACCESS,ERASURE`

For self-hosted sombras that use an internal key

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --sombraAuth="$SOMBRA_INTERNAL_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --sombraAuth="$SOMBRA_INTERNAL_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --transcendUrl=https://api.us.transcend.io`

Increase the concurrency (defaults to 15)

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --concurrency=100`

Re-verify emails

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --emailIsVerified=false`

Restart specific requests by ID

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --requestIds=c3ae78c9-2768-4666-991a-d2f729503337,342e4bd1-64ea-4af0-a4ad-704b5a07cfe4`

Restart requests that were submitted before a specific date

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --createdAt=2025-05-11T00:00:00.000Z`

Restart requests and place everything in silent mode submitted before a certain date

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --silentModeBefore=2025-12-05T00:00:00.000Z`

Restart requests within a specific timeframe

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --createdAtBefore=2025-04-05T00:00:00.000Z \ --createdAtAfter=2025-02-21T00:00:00.000Z`

Send email receipts to the restarted requests

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --sendEmailReceipt`

Copy over all enriched identifiers from the initial request

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --copyIdentifiers`

Skip queued state of request and go straight to compiling

`sh transcend request restart \ --auth="$TRANSCEND_API_KEY" \ --statuses=COMPILING,ENRICHING \ --actions=ACCESS,ERASURE \ --skipWaitingPeriod`

`$3`

Bulk notify a set of privacy requests from the DSR Automation -> Incoming Requests tab that more time is needed to complete the request. Note any request in silent mode will not be emailed.

FLAGS --auth The Transcend API key. Requires scopes: "View Incoming Requests", "Request Approval and Communication" --createdAtBefore Notify requests that are open but submitted before this time [--createdAtAfter] Notify requests that are open but submitted after this time [--actions] The request actions to notify [AUTOMATED_DECISION_MAKING_OPT_OUT|USE_OF_SENSITIVE_INFORMATION_OPT_OUT|CONTACT_OPT_OUT|SALE_OPT_OUT|TRACKING_OPT_OUT|CUSTOM_OPT_OUT|AUTOMATED_DECISION_MAKING_OPT_IN|USE_OF_SENSITIVE_INFORMATION_OPT_IN|SALE_OPT_IN|TRACKING_OPT_IN|CONTACT_OPT_IN|CUSTOM_OPT_IN|ACCESS|ERASURE|RECTIFICATION|RESTRICTION|BUSINESS_PURPOSE|PLACE_ON_LEGAL_HOLD|REMOVE_FROM_LEGAL_HOLD, separator = ,] [--daysLeft] Only notify requests that have less than this number of days until they are considered expired [default = 10] [--days] The number of days to adjust the expiration of the request to [default = 45] [--requestIds]... Specify the specific request IDs to notify [separator = ,] [--emailTemplate] The title of the email template that should be sent to the requests [default = Additional Time Needed] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] [--concurrency] The concurrency to use when uploading requests in parallel [default = 50] -h --help Print help information and exit`

#### Examples

Notify all request types that were made before 01/01/2024

`sh transcend request notify-additional-time --auth="$TRANSCEND_API_KEY" --createdAtBefore=2025-01-01T00:00:00.000Z`

Notify all request types that were made during a date range

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --createdAtAfter=2025-12-15T00:00:00.000Z`

Notify certain request types

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --actions=SALE_OPT_OUT,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --transcendUrl=https://api.us.transcend.io`

Bulk notify requests by ID

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --requestIds=c3ae78c9-2768-4666-991a-d2f729503337,342e4bd1-64ea-4af0-a4ad-704b5a07cfe4`

Only notify requests that are expiring in the next 3 days or less

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --daysLeft=3`

Change number of days to extend request by

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --days=30`

Send a specific email template to the request that instead of the default

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --emailTemplate="Custom Email Template"`

Increase the concurrency (defaults to 50)

`sh transcend request notify-additional-time \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-01-01T00:00:00.000Z \ --concurrency=500`

`$3`

Bulk update a set of privacy requests from the DSR Automation -> Incoming Requests tab to be in silent mode.

#### Examples

Bulk mark silent all open SALE_OPT_OUT and ERASURE requests

`sh transcend request mark-silent --auth="$TRANSCEND_API_KEY" --actions=SALE_OPT_OUT,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request mark-silent \ --auth="$TRANSCEND_API_KEY" \ --actions=ERASURE \ --transcendUrl=https://api.us.transcend.io`

Bulk mark as silent all Erasure (request.type=ERASURE) requests that are in an enriching state (request.status=ENRICHING)

`sh transcend request mark-silent --auth="$TRANSCEND_API_KEY" --actions=ERASURE --statuses=ENRICHING`

Bulk mark as silent requests by ID

`sh transcend request mark-silent \ --auth="$TRANSCEND_API_KEY" \ --actions=ACCESS,ERASURE,SALE_OPT_OUT,CONTACT_OPT_OUT \ --statuses=ENRICHING,COMPILING,APPROVING,WAITING,REQUEST_MADE,ON_HOLD,DELAYED,SECONDARY \ --requestIds=c3ae78c9-2768-4666-991a-d2f729503337,342e4bd1-64ea-4af0-a4ad-704b5a07cfe4`

Mark sale opt out requests as silent within a certain date range

`sh transcend request mark-silent \ --auth="$TRANSCEND_API_KEY" \ --actions=SALE_OPT_OUT \ --createdAtBefore=2025-05-03T00:00:00.000Z \ --createdAtAfter=2025-04-03T00:00:00.000Z`

Increase the concurrency (defaults to 50)

`sh transcend request mark-silent --auth="$TRANSCEND_API_KEY" --actions=ERASURE --concurrency=500`

`$3`

Bulk restart a particular enricher across a series of DSRs.

The API key needs the following scopes: - Manage Request Compilation

FLAGS --auth The Transcend API key. Requires scopes: "Manage Request Compilation" --enricherId The ID of the enricher to restart [--actions] The request action to restart [AUTOMATED_DECISION_MAKING_OPT_OUT|USE_OF_SENSITIVE_INFORMATION_OPT_OUT|CONTACT_OPT_OUT|SALE_OPT_OUT|TRACKING_OPT_OUT|CUSTOM_OPT_OUT|AUTOMATED_DECISION_MAKING_OPT_IN|USE_OF_SENSITIVE_INFORMATION_OPT_IN|SALE_OPT_IN|TRACKING_OPT_IN|CONTACT_OPT_IN|CUSTOM_OPT_IN|ACCESS|ERASURE|RECTIFICATION|RESTRICTION|BUSINESS_PURPOSE|PLACE_ON_LEGAL_HOLD|REMOVE_FROM_LEGAL_HOLD, separator = ,] [--requestEnricherStatuses] The request enricher statuses to restart [QUEUED|WAITING|SKIPPED|ERROR|RESOLVED|ACTION_REQUIRED|REMOTE_PROCESSING|WAITING_ON_DEPENDENCIES|POLLING, separator = ,] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] [--concurrency] The concurrency to use when uploading requests in parallel [default = 15] [--requestIds]... Specify the specific request IDs to restart [separator = ,] [--createdAtBefore] Restart requests that were submitted before this time [--createdAtAfter] Restart requests that were submitted after this time -h --help Print help information and exit`

#### Examples

Restart a particular enricher across a series of DSRs

`sh transcend request enricher-restart --auth="$TRANSCEND_API_KEY" --enricherId=3be5e898-fea9-4614-84de-88cd5265c557`

Restart specific request types

`sh transcend request enricher-restart \ --auth="$TRANSCEND_API_KEY" \ --enricherId=3be5e898-fea9-4614-84de-88cd5265c557 \ --actions=ACCESS,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request enricher-restart \ --auth="$TRANSCEND_API_KEY" \ --enricherId=3be5e898-fea9-4614-84de-88cd5265c557 \ --transcendUrl=https://api.us.transcend.io`

Increase the concurrency (defaults to 15)

`sh transcend request enricher-restart \ --auth="$TRANSCEND_API_KEY" \ --enricherId=3be5e898-fea9-4614-84de-88cd5265c557 \ --concurrency=100`

Restart requests within a specific timeframe

`sh transcend request enricher-restart \ --auth="$TRANSCEND_API_KEY" \ --enricherId=3be5e898-fea9-4614-84de-88cd5265c557 \ --createdAtBefore=2025-04-05T00:00:00.000Z \ --createdAtAfter=2025-02-21T00:00:00.000Z`

Restart requests that are in an error state

`sh transcend request enricher-restart \ --auth="$TRANSCEND_API_KEY" \ --enricherId=3be5e898-fea9-4614-84de-88cd5265c557 \ --requestEnricherStatuses=ERROR`

`$3`

Bulk clear out any request identifiers that are unverified.

#### Examples

Bulk clear out any request identifiers that are unverified

`sh transcend request reject-unverified-identifiers --auth="$TRANSCEND_API_KEY" --identifierNames=phone`

Restart specific request types

`sh transcend request reject-unverified-identifiers \ --auth="$TRANSCEND_API_KEY" \ --identifierNames=phone \ --actions=ACCESS,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request reject-unverified-identifiers \ --auth="$TRANSCEND_API_KEY" \ --identifierNames=phone \ --transcendUrl=https://api.us.transcend.io`

`$3`

Export privacy requests and request identifiers to a CSV file.

FLAGS --auth The Transcend API key. Requires scopes: "View Incoming Requests", "View the Request Compilation" [--sombraAuth] The Sombra internal key, use for additional authentication when self-hosting Sombra [--actions] The request actions to export [AUTOMATED_DECISION_MAKING_OPT_OUT|USE_OF_SENSITIVE_INFORMATION_OPT_OUT|CONTACT_OPT_OUT|SALE_OPT_OUT|TRACKING_OPT_OUT|CUSTOM_OPT_OUT|AUTOMATED_DECISION_MAKING_OPT_IN|USE_OF_SENSITIVE_INFORMATION_OPT_IN|SALE_OPT_IN|TRACKING_OPT_IN|CONTACT_OPT_IN|CUSTOM_OPT_IN|ACCESS|ERASURE|RECTIFICATION|RESTRICTION|BUSINESS_PURPOSE|PLACE_ON_LEGAL_HOLD|REMOVE_FROM_LEGAL_HOLD, separator = ,] [--statuses] The request statuses to export [REQUEST_MADE|FAILED_VERIFICATION|ENRICHING|ON_HOLD|WAITING|COMPILING|APPROVING|DELAYED|COMPLETED|DOWNLOADABLE|VIEW_CATEGORIES|CANCELED|SECONDARY|SECONDARY_COMPLETED|SECONDARY_APPROVING|REVOKED, separator = ,] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] [--file] Path to the CSV file where identifiers will be written to [default = ./transcend-request-export.csv] [--concurrency] The concurrency to use when uploading requests in parallel [default = 50] [--skipRequestIdentifiers/--noSkipRequestIdentifiers] Skip exporting request identifiers [--createdAtBefore] Pull requests that were submitted before this time [--createdAtAfter] Pull requests that were submitted after this time [--showTests/--noShowTests] Filter for test requests or production requests - when not provided, pulls both [--pageLimit] The page limit to use when pulling in pages of requests [default = 100] -h --help Print help information and exit`

#### Examples

Pull all requests

`sh transcend request export --auth="$TRANSCEND_API_KEY"`

Filter for specific actions and statuses

`sh transcend request export --auth="$TRANSCEND_API_KEY" --statuses=COMPILING,ENRICHING --actions=ACCESS,ERASURE`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request export --auth="$TRANSCEND_API_KEY" --transcendUrl=https://api.us.transcend.io`

With Sombra authentication

`sh transcend request export --auth="$TRANSCEND_API_KEY" --sombraAuth="$SOMBRA_INTERNAL_KEY"`

Increase the concurrency (defaults to 100)

`sh transcend request export --auth="$TRANSCEND_API_KEY" --concurrency=500`

Filter for production requests only

`sh transcend request export --auth="$TRANSCEND_API_KEY" --showTests=false`

Filter for requests within a date range

`sh transcend request export \ --auth="$TRANSCEND_API_KEY" \ --createdAtBefore=2025-04-05T00:00:00.000Z \ --createdAtAfter=2025-02-21T00:00:00.000Z`

Write to a specific file location

`sh transcend request export --auth="$TRANSCEND_API_KEY" --file=./path/to/file.csv`

Skip fetching request identifiers

`sh transcend request export --auth="$TRANSCEND_API_KEY" --skipRequestIdentifiers`

`$3`

`txt USAGE transcend request skip-preflight-jobs (--auth value) (--enricherIds value)... [--transcendUrl value] transcend request skip-preflight-jobs --help

This command allows for bulk skipping preflight checks.

FLAGS --auth The Transcend API key. Requires scopes: "Manage Request Compilation" --enricherIds... The ID of the enrichers to skip privacy request jobs for [separator = ,] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] -h --help Print help information and exit`

#### Examples

Bulk skipping preflight checks

`sh transcend request skip-preflight-jobs --auth="$TRANSCEND_API_KEY" --enricherIds=70810f2e-cf90-43f6-9776-901a5950599f`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request skip-preflight-jobs \ --auth="$TRANSCEND_API_KEY" \ --enricherIds=70810f2e-cf90-43f6-9776-901a5950599f,db1e64ba-cea6-43ff-ad27-5dc8122e5224 \ --transcendUrl=https://api.us.transcend.io`

`$3`

`txt USAGE transcend request system mark-request-data-silos-completed (--auth value) (--dataSiloId value) [--file value] [--transcendUrl value] transcend request system mark-request-data-silos-completed --help

This command takes in a CSV of Request IDs as well as a Data Silo ID and marks all associated privacy request jobs as completed. This command is useful with the "Bulk Response" UI. The CSV is expected to have 1 column named "Request Id".

FLAGS --auth The Transcend API key. Requires scopes: "Manage Request Compilation" --dataSiloId The ID of the data silo to pull in [--file] Path to the CSV file where identifiers will be written to. The CSV is expected to have 1 column named "Request Id". [default = ./request-identifiers.csv] [--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io] -h --help Print help information and exit`

#### Examples

Mark all associated privacy request jobs as completed

`sh transcend request system mark-request-data-silos-completed \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f`

Pull to a specific file location

`sh transcend request system mark-request-data-silos-completed \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --file=/Users/transcend/Desktop/test.csv`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request system mark-request-data-silos-completed \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --transcendUrl=https://api.us.transcend.io`

`$3`

This command allows for bulk restarting a set of data silos jobs for open privacy requests. This is equivalent to clicking the "Wipe and Retry" button for a particular data silo across a set of privacy requests.

#### Examples

Bulk restarting a set of data silos jobs for open privacy requests

`sh transcend request system retry-request-data-silos \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --actions=ACCESS`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request system retry-request-data-silos \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --actions=ACCESS \ --transcendUrl=https://api.us.transcend.io`

`$3`

This command allows for bulk skipping all open privacy request jobs for a particular data silo. This command is useful if you want to disable a data silo and then clear out any active privacy requests that are still queued up for that data silo.

#### Examples

Bulk skipping all open privacy request jobs for a particular data silo

`sh transcend request system skip-request-data-silos \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --statuses=COMPILING,SECONDARY`

Specifying the backend URL, needed for US hosted backend infrastructure

`sh transcend request system skip-request-data-silos \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --transcendUrl=https://api.us.transcend.io \ --statuses=COMPILING,SECONDARY`

Only mark as completed requests in "removing data" phase

`sh transcend request system skip-request-data-silos \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --statuses=SECONDARY`

Set to status "RESOLVED" instead of status "SKIPPED"

`sh transcend request system skip-request-data-silos \ --auth="$TRANSCEND_API_KEY" \ --dataSiloId=70810f2e-cf90-43f6-9776-901a5950599f \ --statuses=COMPILING,SECONDARY \ --status=RESOLVED`

`$3`

This command pulls down the set of privacy requests that are currently pending manual enrichment.

This is useful for the following workflow:

1. Pull identifiers to CSV:

transcend request preflight pull-identifiers --file=./enrichment-requests.csv

2. Fill out the CSV with additional identifiers

3. Push updated back to Transcend:

transcend request preflight push-identifiers --file=./enrichment-requests.csv

FLAGS
--auth The Transcend API key. Requires scopes: "View Incoming Requests", "View the Request Compilation"
[--sombraAuth] The Sombra internal key, use for additional authentication when self-hosting Sombra
[--transcendUrl] URL of the Transcend backend. Use https://api.us.transcend.io for US hosting [default = https://api.transcend.io]
[--file] Path to the CSV file where requests will be written to [default = ./manual-enrichment-identifiers.csv]
[--actions] The request actions to pull for [AUTOMATED_DECISION_MAKING_OPT_OUT|USE_OF_SENSITIVE_INFORMATION_OPT_OUT|CONTACT_OPT_OUT|SALE_OPT_OUT|TRACKING_OPT_OUT|CUST

Transcend CLI

A command line interface that allows you to programatically interact with the Transcend.

Changelog

To stay up to date on breaking changes to the CLI between major version updates, please refer to CHANGELOG.md.

Installation

This package is distributed through npm, and assumes an installation of npm and Node.

``sh npm install --global @transcend-io/cli transcend --help`

You can also run the CLI using npx:

`sh npx -p @transcend-io/cli -- transcend --help`

Note

`transcend.yml`

The API for this YAML file can be found in ./src/codecs.ts under the variable named "TranscendInput". The shape of the YAML file will be type-checked every time a command is run.

Your editor will use the latest version's schema. To pin the transcend.yml schema to a previous major version, include this at the top of your file (and change v4 to your target major version):

`yml

`yaml-language-server: $schema=https://raw.githubusercontent.com/transcend-io/cli/main/transcend-yml-schema-v4.json`

The structure of transcend.yml looks something like the following:

`yaml

`Manage at: https://app.transcend.io/infrastructure/api-keys`


See https://docs.transcend.io/docs/authentication

Define API keys that may be shared across data silos

in the data map. When creating new data silos through the YAML

CLI, it is possible to specify which API key should be associated

with the newly created data silo.

api-keys:
  - title: Webhook Key
  - title: Analytics Key
Manage at: https://app.transcend.io/privacy-requests/identifiers

See https://docs.transcend.io/docs/identity-enrichment

Define enricher or pre-flight check webhooks that will be executed

prior to privacy request workflows. Some examples may include:

  - identity enrichment: look up additional identifiers for that user.

                         i.e. map an email address to a user ID

  - fraud check: auto-cancel requests if the user is flagged for fraudulent behavior

  - customer check: auto-cancel request for some custom business criteria

enrichers:
  - title: Basic Identity Enrichment
    description: Enrich an email address to the userId and phone number
    url: https://example.acme.com/transcend-enrichment-webhook
    input-identifier: email
    output-identifiers:
      - userId
      - phone
      - myUniqueIdentifier
  - title: Fraud Check
    description: Ensure the email address is not marked as fraudulent
    url: https://example.acme.com/transcend-fraud-check
    input-identifier: email
    output-identifiers:
      - email
    privacy-actions:
      - ERASURE
Manage at: https://app.transcend.io/privacy-requests/connected-services

See https://docs.transcend.io/docs/the-data-map#data-silos

Define the data silos in your data map. A data silo can be a database,

or a web service that may use a collection of different data stores under the hood.

data-silos:
  # Note: title is the only required top-level field for a data silo
  - title: Redshift Data Warehouse
    description: The mega-warehouse that contains a copy over all SQL backed databases
    integrationName: server
    url: https://example.acme.com/transcend-webhook
    api-key-title: Webhook Key
    data-subjects:
      - customer
      - employee
      - newsletter-subscriber
      - b2b-contact
    identity-keys:
      - email
      - userId
    deletion-dependencies:
      - Identity Service
    owners:
      - alice@transcend.io
    datapoints:
      - title: Webhook Notification
        key: _global
        privacy-actions:
          - ACCESS
          - ERASURE
          - SALE_OPT_OUT
      - title: User Model
        description: The centralized user model user
        key: users
        privacy-actions:
          - ACCESS
        fields:
          - key: firstName
            title: First Name
            description: The first name of the user, inputted during onboarding
          - key: email
            title: Email
            description: The email address of the user


Usage
$3