PDPA Platform SDK
A comprehensive JavaScript/TypeScript SDK for integrating PDPA compliance features into your application. Manage consent, cookie preferences, and data subject requests with ease.
Introduction
The PDPA Platform SDK provides a simple and type-safe way to integrate Thailand's Personal Data Protection Act compliance features into your web applications. Built with TypeScript, it offers full type safety and intelligent autocomplete for all API operations.
Type Safe
Full TypeScript support with end-to-end type safety using Eden Treaty.
Lightweight
Minimal footprint with tree-shaking support for optimal performance.
Easy Integration
Simple setup with minimal configuration required.
Installation
Install the SDK using your preferred package manager:
tsxQuick Start
Get started in minutes by initializing the SDK with your API key:
Initialize SDK
Create a PDPA Platform client instance with your API credentials.
tsxGetting Your API Key
Navigate to the API Keys section in your admin dashboard to generate a new API key for your application.
UI Components
For the fastest integration, use our pre-built UI components from @pdpa-platform/sdk/ui. These ready-to-use components handle all the logic and styling for you.
Cookie Banner Component
Drop-in cookie consent banner with full functionality.
tsxConsent Form Component
Pre-built consent collection form with validation.
tsxDSR Request Form
Data subject request submission form.
tsxConsent Status Badge
Display current consent status for a user.
tsxAvailable UI Components
CookieBanner — Cookie consent bannerConsentForm — Consent collection formDSRRequestForm — Data subject request formConsentBadge — Consent status indicatorConsentToggle — Consent toggle switchPrivacySettings — Full privacy settings panelCookieTable — Display cookie inventoryConsentLog — User consent historyAuthentication
The SDK uses API keys for authentication. Include your API key in the initialization options:
Server-Side Usage
Use secret API keys in your backend code.
tsxClient-Side Usage
Use public API keys in browser environments.
tsxSecurity Best Practices
- Never expose secret API keys in client-side code
- Use environment variables to store API keys
- Rotate API keys periodically for enhanced security
Consent Management
Manage user consent records with full audit trails. Track consent given, withdrawn, or updated with detailed timestamps and metadata.
Record Consent
Create a new consent record for a user.
tsxRetrieve Consent Status
Check if a user has consented to a specific purpose.
tsxList Consent History
Get paginated consent history for a user.
tsxWithdraw Consent
Withdraw previously given consent.
tsxData Subject Requests
Handle data subject requests (access, deletion, portability) in compliance with PDPA regulations. Automate workflows and track request status.
Submit a Request
Submit a new data subject request.
tsxCheck Request Status
Check the current status of a DSR.
tsxList User Requests
Get all DSRs for a specific user.
tsxDownload Data Export
Download the data export for a portability request.
tsxWebhooks
Receive real-time notifications for events in your PDPA Platform account. Set up webhooks to be notified when consent is updated, DSRs are submitted, or other events occur.
Configure Webhook Endpoint
Register a new webhook endpoint to receive events.
tsxVerify Webhook Signature
Verify the webhook signature to ensure the request is authentic.
tsxWebhook Events
| Event | Description |
|---|---|
| consent.granted | User has given consent for a purpose |
| consent.withdrawn | User has withdrawn consent |
| dsr.submitted | New data subject request received |
| dsr.completed | DSR processing completed |
| cookie.preferences_updated | User updated cookie preferences |
Examples
Complete examples for common use cases:
Next.js API Route
Handle consent recording in a Next.js API route.
tsxExpress Middleware
Create middleware to check consent before processing requests.
tsxVue.js Composable
Create a Vue composable for cookie consent management.
tsxError Handling
The SDK throws typed errors that you can catch and handle appropriately:
Error Handling Example
Catch and handle different types of SDK errors.
tsx| Error Class | Status | Description |
|---|---|---|
| ValidationError | 400 | Invalid request parameters |
| AuthenticationError | 401 | Invalid or missing API key |
| ForbiddenError | 403 | Insufficient permissions |
| NotFoundError | 404 | Resource not found |
| RateLimitError | 429 | Too many requests |
| PDPAError | 500 | Internal server error |