Automating Action Items for Subject Rights

This tutorial uses AWS Lambda for simplicity, but you can use any framework (e.g., Express API on ECS, etc.). As long as you can provide an API to receive the webhook requests. If you're not using the provided sample code, the workflow remains the same.

This guide walks you through setting up a webhook integration using AWS Lambda to automate Subject Rights (DSAR) action items for manual data stores.

You'll:

Deploy a Lambda function to process webhook payloads
Configure a webhook in Osano
Automatically complete action items via Osano’s API

The code will do the following:

Parse the webhook payload
Search for the requester’s data
- For example, search a database where you're storing the requester's data
Handle the requested action (e.g., DELETE, OPT_OUT)
- For example, delete the requester's data from your database
Attach a summary file of the requester's data to the action item via the summaries API endpoint

POST /api/v1/subject-rights/action-items/{action_item_id}/summaries
Content-Type: application/json
Authorization: Bearer {your_api_key}
Body: {user_data}

Mark the action item complete via the update API endpoint

PATCH /api/v1/subject-rights/action-items/{action_item_id}
Content-Type: application/json
Authorization: Bearer {your_api_key}
Body: { "status": "COMPLETED" }

Prerequisites

AWS account with Lambda access
Clone the Webhook Sample Apps repo

Step 1: Create a Lambda

Go to Lambda → Functions → Create function
Choose Author from scratch
Set the following during creation:
- Runtime: Node.js 22.x
- Architecture: arm64
- Function URL: Enabled (public url)
  - ⚠️ For production use, it may be good to put your Lambda function behind authentication
Follow the DSAR Sample App README to generate a .zip and upload it to your Lambda function under Code → Upload from → .zip file

Note down the Function URL — you'll need it in Step 4.

Environment Variables

Go to Configuration → Environment variables and add:

Key	Value
`OSANO_API_KEY`	Your Osano API key

Additional Configuration

Increase the Lambda timeout to 1 minute.

Step 2: Create a Data Store

Now log in to Osano and create a manual data store
Add the following fields:

Field	Location	Classification
id	users	Online ID
email	users	Email
name	users	Name

NOTE: You would add the actual fields your data store contains when using this in production

Step 3: Create a Form

Navigate to Subject Rights → Forms and create a new form
On the form details page under Settings → Action Item Processing, select the Only the following Data Store(s) option and add the data store you just created in Step 2

Step 4: Configure the Webhook

Now navigate to Webhooks from the Settings icon in the top right and create a new webhook via the Add Webhook button
Set the following:

App and Event

Product	Event
Subject Rights	Action Item Generated

Filters

Field	Condition	Value
`{{dataStoreName}}`	Equals	Your Data Store Name

Actions

Method	URL
POST	Your Lambda Function URL

Headers

Name	Value
Content-Type	application/json

Content

{
    "actionItemId": "{{dsarActionItemId}}",
    "email": "{{dsarDetails.email}}",
    "requestedAction": "{{requestedAction}}"
}

Check out the variables documentation to see a full list of variables available for substitution.

Step 5: Test the Webhook

Submit a Subject Rights request to the form you created in Step 3
Verify your email to ensure action items are generated
Navigate to the request details from the Subject Rights -> Requests page
There should be a completed action item with a file attached

Overall, you've now automated action items for a manual data store.

Prerequisites​

Step 1: Create a Lambda​

Environment Variables​

Additional Configuration​

Step 2: Create a Data Store​

Step 3: Create a Form​

Step 4: Configure the Webhook​

App and Event​

Filters​

Actions​

Headers​

Content​

Step 5: Test the Webhook​