> ## Documentation Index > Fetch the complete documentation index at: https://docs.trulayer.ai/llms.txt > Use this file to discover all available pages before exploring further. # Public sub-processor registry (TRU-52) > Returns TruLayer's current list of sub-processors as required by GDPR Art. 28(2). Public — no authentication. Content is negotiated via the `Accept` header: - `application/rss+xml` (or `text/xml`/`application/xml`) → RSS 2.0 feed including active sub-processors plus those retired within the last 90 days. - default / `application/json` → JSON envelope of active sub-processors only. ## OpenAPI ````yaml /api-reference/openapi.yaml get /v1/subprocessors openapi: 3.1.0 info: title: TruLayer API version: 0.1.0 description: | Trace ingestion, evaluation, query, and feedback API for TruLayer AI. ### Authentication Two auth schemes coexist: SDK API keys (`Authorization: Bearer tl_...`) and Clerk session JWTs (dashboard). Routes marked "requires Clerk auth" in their summary are unreachable via API key. ### Roles (TRU-234) Dashboard requests carry one of three organization roles: `owner`, `member`, `viewer`. Endpoints enforce role allowlists, not rank comparisons. See `docs/security.md` for the full role-permission matrix. - **owner** — full control including billing, member management, destructive deletes on failure-rules/model-routes/webhooks/eval-rules, control-loop execution, and DLQ resolution. - **member** — read + write (ingest, feedback, evals, API keys, projects, failure-rules, model-routes, webhooks). - **viewer** — read-only dashboard access plus compliance read access to `/v1/audit-log` and `/v1/dlq`. servers: - url: https://api.trulayer.ai description: Production - url: http://localhost:8080 description: Local development security: - BearerAuth: [] tags: - name: health - name: ingest - name: traces - name: metrics - name: feedback - name: evals - name: eval-rules - name: control - name: apikeys - name: model-routes - name: datasets - name: search - name: anomaly - name: webhooks - name: failure-rules - name: eval-runs - name: ci - name: otlp - name: billing - name: deprecations - name: audit - name: failures - name: projects - name: compliance - name: dsr - name: policies - name: members paths: /v1/subprocessors: get: tags: - compliance summary: Public sub-processor registry (TRU-52) description: | Returns TruLayer's current list of sub-processors as required by GDPR Art. 28(2). Public — no authentication. Content is negotiated via the `Accept` header: - `application/rss+xml` (or `text/xml`/`application/xml`) → RSS 2.0 feed including active sub-processors plus those retired within the last 90 days. - default / `application/json` → JSON envelope of active sub-processors only. operationId: listSubprocessors responses: '200': description: Sub-processor list content: application/json: schema: $ref: '#/components/schemas/SubprocessorList' application/rss+xml: schema: type: string description: RSS 2.0 feed of sub-processor changes. security: [] components: schemas: SubprocessorList: type: object required: - subprocessors - updated_at properties: subprocessors: type: array items: $ref: '#/components/schemas/Subprocessor' updated_at: type: string format: date-time Subprocessor: type: object required: - id - vendor - purpose - region - effective_at properties: id: type: string format: uuid vendor: type: string purpose: type: string region: type: string dpa_url: type: string nullable: true effective_at: type: string format: date-time retired_at: type: string format: date-time nullable: true securitySchemes: BearerAuth: type: http scheme: bearer description: SDK API key (`tl_...`) or Clerk session JWT ````