Skip to main content
Concept: India DPDP guide | API: India DPDP overview
Every DPDP endpoint is available as a typed method on client.dpdp. The sub-client is attached automatically — construct a RailScoreClient and reach for client.dpdp.*. The async client (AsyncRAILClient) exposes the same methods on await client.dpdp.*. 
from rail_score_sdk import RailScoreClient

client = RailScoreClient(api_key="YOUR_RAIL_API_KEY")
scan = client.dpdp.scan("Applicant PAN ABCDE1234F", pii_action="mask")

Scan content for Indian PII

Detect Aadhaar (Verhoeff-validated), PAN, UPI, mobile, and more, plus child signals (S.9) and purpose drift (S.4). Choose detect, mask, or block. 
result = client.dpdp.scan(
    "Applicant PAN is ABCDE1234F and mobile 9876543210.",
    pii_action="detect",
    purpose="loan_advisory",
)
print(result.compliant, [p.type for p in result.pii_found])

Gate a decision

evaluate returns a deterministic verdict — allow, block, or require_action — for the action you are about to take. 
decision = client.dpdp.evaluate(
    action="make_decision",
    context={"user_id": "u_42", "purpose": "loan_advisory"},
    session_id="sess_1a2b3c",  # optional, ties the decision to a session
)

if decision.verdict == "require_action":
    print("Outstanding obligations:", decision.required_actions)

Record events

emit writes 1–50 compliance events and auto-starts any statutory timers they trigger (for example, dsr.received starts the response clock). 
client.dpdp.emit(
    [
        {"type": "notice.shown", "data": {"user_id": "u_42"}},
        {"type": "consent.granted", "data": {"user_id": "u_42", "purpose": "loan_advisory"}},
    ],
    session_id="sess_1a2b3c",
)

Required actions for a workflow step

required = client.dpdp.require(
    session_id="sess_1a2b3c",
    workflow_step="data_processing",
)
for action in required.required_actions:
    print(action)

Sessions

A session threads one data principal’s journey together. create_session requires a purpose — the SDK raises ValueError immediately if it is empty (it will not waste a round trip). 
session = client.dpdp.create_session(
    purpose="loan_advisory",
    entity_type="data_fiduciary",
)
fetched = client.dpdp.get_session(session.session_id)
print(fetched.state.consent_status)

Timers

List regulatory deadline timers, filtered by status, type, or how soon they are due. 
timers = client.dpdp.list_timers(status="active", approaching_days=30)
print(timers.summary.total_active)
for t in timers.timers:
    print(t.type, t.days_remaining)

Evidence (Pro+)

Assemble an audit-grade packet from the session’s recorded trail. 
packet = client.dpdp.evidence(
    evidence_type="dsr_response",
    params={"session_id": "sess_1a2b3c", "request_id": "r_9"},
)

System audit

dpdp_audit runs a tiered compliance assessment of a system description, with entity-specific context and penalty-exposure scoring. It wraps the hosted compliance check, so it is hosted-only. 
from rail_score_sdk import DPDPHostedOnlyError

try:
    audit = client.dpdp.dpdp_audit(
        content="Our fintech processes Aadhaar for KYC; consent via checkbox.",
        entity_type="data_fiduciary",
        sector="finance",
    )
    print(audit.overall_label, audit.total_penalty_exposure_crore)
except DPDPHostedOnlyError:
    # Raised when pointed at a self-hosted agent that does not serve the audit.
    print("dpdp_audit runs against the hosted API only.")
dpdp_audit and the underlying compliance check are available on the hosted API only. Against a self-hosted RAIL agent the SDK raises DPDPHostedOnlyError instead of a raw 404/501.

Error handling

The DPDP methods raise the standard SDK errors (AuthenticationError, RateLimitError, InsufficientTierError for evidence below Pro) plus DPDP-specific ones. 
from rail_score_sdk import DPDPHostedOnlyError
from rail_score_sdk import AuthenticationError, RateLimitError

try:
    client.dpdp.scan("...", pii_action="block")
except AuthenticationError:
    print("Check your API key")
except RateLimitError:
    print("Slow down requests")

DPDP API reference

Every endpoint, credit costs, and the response envelope.

Configuration

Inspect your application’s policy, plan capabilities, and dimensions.