An open source solution to track and manage user consent, compliant with GDPR.
This service is an API that allows you to store proof of consent and manage it through the following operations:
- createConsent: create a consent
- getConsent: retrieve a consent
- listConsents: list consents registered
| Field | Definition |
|---|---|
| id | GUID |
| ip | The IP address that performed the request. If available, save the X-Forwarded-For value, but only when the header was set by a proxy you control: any client can send X-Forwarded-For, so a value taken from an untrusted peer is attacker-chosen. |
| created_at | Timestamp of the request in ISO 8601 format |
| subject | A list of fields saved from the source page |
| source_url | The page performing the request |
| legal_docs | List of documents subscribed to by the user: for each document, identified by its short_name, the object contains the full text of the document and its version. If not specified, version is set to 1. |
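The two fields that need care when a record is built from the incoming request are ip and created_at. The following is an added example (it is not the project's own code) of how a createConsent handler could resolve the client address and assemble the record; the proxy address in TRUSTED_PROXIES, the sample request and the validation rules for subject and source_url are assumptions for the example.

```python
import ipaddress
import uuid
from datetime import datetime, timezone

# Constructed for this example: addresses of the reverse proxies we operate.
# X-Forwarded-For is only believed when the TCP peer is one of these.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip(peer_addr, headers):
    """Address to store in the ip field.

    Any client can send X-Forwarded-For, so it is worthless unless our own
    proxy appended to it. Walking the list from the right, each trusted proxy
    appended the address of the hop before it; the first address that is not
    one of our proxies is the real client.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        return str(peer)
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing to its left can be trusted either
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)


def build_consent(payload, peer_addr, headers, now=None):
    """Validate a createConsent body and produce the record to store."""
    subject = payload.get("subject")
    if not isinstance(subject, list) or not all(isinstance(f, str) and f for f in subject):
        raise ValueError("subject must be a list of field names")
    source_url = payload.get("source_url")
    if not isinstance(source_url, str) or not source_url.startswith(("http://", "https://")):
        raise ValueError("source_url must be an http(s) URL")
    docs = payload.get("legal_docs")
    if not isinstance(docs, list) or not docs:
        raise ValueError("legal_docs must be a non-empty list")
    legal_docs = []
    for doc in docs:
        # Each entry is {<short_name>: <full text>} plus an optional version.
        if not isinstance(doc, dict):
            raise ValueError("each legal document must be an object")
        names = [k for k in doc if k != "version"]
        if len(names) != 1 or not isinstance(doc[names[0]], str):
            raise ValueError("each legal document needs exactly one short_name with its text")
        version = doc.get("version", 1)  # README: version defaults to 1
        if not isinstance(version, int) or isinstance(version, bool) or version < 1:
            raise ValueError("version must be a positive integer")
        legal_docs.append({names[0]: doc[names[0]], "version": version})
    stamp = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return {
        "id": str(uuid.uuid4()),                              # the GUID from the table
        "ip": client_ip(peer_addr, headers),
        "created_at": stamp.strftime("%Y-%m-%dT%H:%M:%SZ"),  # ISO 8601, always UTC
        "subject": list(subject),
        "source_url": source_url,
        "legal_docs": legal_docs,
    }


# Constructed request replaying the README's example, arriving via our proxy.
SAMPLE_PAYLOAD = {
    "subject": ["email", "given_name", "tax_code"],
    "source_url": "http://mywebsite.com/privacy",
    "legal_docs": [{"privacy_policy": "Privacy policy contents..."},
                   {"terms": "Terms of service....", "version": 3}],
}


def sample_record():
    return build_consent(SAMPLE_PAYLOAD, "10.0.0.5",
                         {"X-Forwarded-For": "131.145.11.128"},
                         now=datetime(2019, 2, 20, 9, 35, tzinfo=timezone.utc))
```

A request that reaches the API directly (peer not in TRUSTED_PROXIES) is recorded under the peer address even if it carries an X-Forwarded-For header, which is the case that matters for proof of consent: the stored ip must be something the client could not choose. Header lookup is shown with a plain dict; a real framework's case-insensitive header object slots in unchanged.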
In order to send data to the JSON API, the Content-Type header must be set to application/json.
This REST API includes the following endpoints:
- getConsent: GET /consents/{id}
- createConsent: POST /consents
- listConsents: GET /consents

Register a consent:
POST /consents
{
  "subject": [ "email", "given_name", "tax_code" ],
  "source_url": "http://mywebsite.com/privacy",
  "legal_docs": [
    {
      "privacy_policy": "Privacy policy contents...",
      "version": 1
    },
    {
      "terms": "Terms of service....",
      "version": 3
    }
  ]
}

Response:
201 Created
{
  "id": "c1804da9-ab1c-45e2-8g7c-729822cffdaf",
  "ip": "131.145.11.128",
  "created_at": "2019-02-20T09:35:00Z",
  "subject": [ "email", "given_name", "tax_code" ],
  "source_url": "http://mywebsite.com/privacy",
  "legal_docs": [
    {
      "privacy_policy": "Privacy policy contents...",
      "version": 1
    },
    {
      "terms": "Terms of service....",
      "version": 3
    }
  ]
}

Request:
GET /consents/c1804da9-ab1c-45e2-8g7c-729822cffdaf

Response:
200 OK
{
  "id": "c1804da9-ab1c-45e2-8g7c-729822cffdaf",
  "ip": "131.145.11.128",
  "created_at": "2019-02-20T09:35:00Z",
  "subject": [ "email", "given_name", "tax_code" ],
  "source_url": "http://mywebsite.com/privacy",
  "legal_docs": [
    {
      "privacy_policy": "Privacy policy contents...",
      "version": 1
    },
    {
      "terms": "Terms of service....",
      "version": 3
    }
  ]
}

Request:
GET /consents/1234

Response:
404 Not Found
{
  "title": "Not found",
  "detail": "The specified resource is not found",
  "status": 404,
  "instance": "/consents/1234"
}
Request:
GET /consents

Response:
200 OK
[
  {
    "id": "6414bbd8-2227-45d0-a888-9e43a5f202ae",
    "ip": "131.145.11.128",
    "created_at": "2019-02-20T09:35:00Z",
    "subject": [ "email", "given_name", "tax_code" ],
    "source_url": "http://mywebsite.com/privacy",
    "legal_docs": [
      {
        "privacy_policy": "Privacy policy contents...",
        "version": 1
      },
      {
        "terms": "Terms of service....",
        "version": 3
      }
    ]
  },
  {
    "id": "acecb842-e60c-4ad8-b9d4-e881f75da0e6",
    "ip": "93.41.234.251",
    "created_at": "2019-05-10T14:53:29Z",
    "subject": [ "email", "given_name", "tax_code" ],
    "source_url": "http://mywebsite.com/privacy",
    "legal_docs": [
      {
        "privacy_policy": "Privacy policy contents...",
        "version": 1
      },
      {
        "terms": "Terms of service....",
        "version": 3
      }
    ]
  }
]

Implement cursor-based pagination for the API.
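Keyset (cursor) pagination orders the collection by a key that never changes and hands the client an opaque token naming the last key it saw, so later inserts cannot cause items to be skipped or repeated the way a numeric offset does. The following is an added example (not the project's code) of such a cursor for listConsents, ordered by (created_at, id); the cursor format, the page-size bound MAX_LIMIT, the response shape with next_cursor and the sample records with zero-filled ids are assumptions for the example.

```python
import base64
import json

MAX_LIMIT = 100  # assumed upper bound on page size; the page does not specify one

# Constructed sample store (only the fields the ordering needs). Timestamps are
# UTC ISO 8601 with one fixed layout, so their string order is their time order;
# id breaks ties between consents created in the same second.
SAMPLE_CONSENTS = [
    {"id": "acecb842-e60c-4ad8-b9d4-e881f75da0e6", "created_at": "2019-05-10T14:53:29Z"},
    {"id": "6414bbd8-2227-45d0-a888-9e43a5f202ae", "created_at": "2019-02-20T09:35:00Z"},
    {"id": "00000000-0000-4000-8000-000000000003", "created_at": "2019-05-10T14:53:29Z"},
    {"id": "00000000-0000-4000-8000-000000000004", "created_at": "2019-06-01T00:00:00Z"},
    {"id": "00000000-0000-4000-8000-000000000005", "created_at": "2019-03-15T12:00:00Z"},
]


def sort_key(consent):
    return (consent["created_at"], consent["id"])


def encode_cursor(consent):
    """Opaque cursor: base64url of the sort key of the last item on the page."""
    raw = json.dumps([consent["created_at"], consent["id"]]).encode("utf-8")
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def decode_cursor(cursor):
    """Inverse of encode_cursor. Anything malformed raises ValueError, which the
    HTTP layer maps to 400; a forged but well-formed cursor merely selects a
    different starting point within the same collection."""
    padded = cursor + "=" * (-len(cursor) % 4)
    try:
        created_at, consent_id = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, TypeError):
        raise ValueError("invalid cursor")
    if not (isinstance(created_at, str) and isinstance(consent_id, str)):
        raise ValueError("invalid cursor")
    return (created_at, consent_id)


def list_consents(store, limit=2, cursor=None):
    """One page of consents after `cursor`, plus the cursor for the next page."""
    if not isinstance(limit, int) or not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit out of range")
    ordered = sorted(store, key=sort_key)
    if cursor is not None:
        after = decode_cursor(cursor)
        ordered = [c for c in ordered if sort_key(c) > after]
    page = ordered[:limit]
    next_cursor = encode_cursor(page[-1]) if len(ordered) > limit else None
    return {"data": page, "next_cursor": next_cursor}


def walk_all(store, limit=2):
    """Follow next_cursor until exhausted; returns the ids in page order."""
    ids, cursor = [], None
    while True:
        page = list_consents(store, limit=limit, cursor=cursor)
        ids.extend(c["id"] for c in page["data"])
        cursor = page["next_cursor"]
        if cursor is None:
            return ids
```

In a database the filter becomes `WHERE (created_at, id) > (?, ?) ORDER BY created_at, id LIMIT ?`, which an index on those two columns serves without scanning the skipped rows. The cursor carries nothing secret and is not signed; if cursors must not be guessable or constructible by clients, wrap the encoded value with an HMAC and verify it in decode_cursor.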
If not specified, the version number is generated automatically with the following rules:
- if a document with that short_name has never been saved, the version is set to 1
- if a document with the same short_name has already been saved with different content, the version number is incremented
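The rules above leave one case implicit: resubmitting the text that is already the latest for a short_name. The following added example (not the project's code) assumes that case reuses the existing version, that "different content" is judged against the latest saved text for that short_name (so reverting to an older text gets a new number), and that an explicitly supplied version is stored as given and raises the high-water mark so later automatic numbers never collide. Comparison is by SHA-256 of the text, so the registry does not need to keep the full documents.

```python
import hashlib


class DocumentRegistry:
    """Assigns versions to legal documents by short_name (example, not the project's code).

    Assumption: a submission is compared with the latest text saved under that
    short_name. The same text reuses its version; any other text gets latest + 1.
    """

    def __init__(self):
        # short_name -> (sha256 of latest content, latest version)
        self._latest = {}

    @staticmethod
    def _digest(content):
        return hashlib.sha256(content.encode("utf-8")).hexdigest()

    def version_for(self, short_name, content):
        digest = self._digest(content)
        if short_name not in self._latest:
            self._latest[short_name] = (digest, 1)  # never saved: version 1
            return 1
        latest_digest, latest_version = self._latest[short_name]
        if digest == latest_digest:
            return latest_version  # unchanged text: keep its version (assumption)
        self._latest[short_name] = (digest, latest_version + 1)  # different content: increment
        return latest_version + 1

    def record_explicit(self, short_name, content, version):
        """A caller-supplied version is stored as given; automatic numbering
        continues from the highest version seen so the sequence cannot collide."""
        digest = self._digest(content)
        _, latest_version = self._latest.get(short_name, (None, 0))
        if version >= latest_version:
            self._latest[short_name] = (digest, version)
        return version

    def assign_versions(self, legal_docs):
        """Normalise the legal_docs array of a createConsent body."""
        out = []
        for doc in legal_docs:
            names = [k for k in doc if k != "version"]
            if len(names) != 1 or not isinstance(doc[names[0]], str):
                raise ValueError("each legal document needs exactly one short_name with its text")
            name, content = names[0], doc[names[0]]
            if "version" in doc:
                version = doc["version"]
                if not isinstance(version, int) or isinstance(version, bool) or version < 1:
                    raise ValueError("version must be a positive integer")
                version = self.record_explicit(name, content, version)
            else:
                version = self.version_for(name, content)
            out.append({name: content, "version": version})
        return out
```

In production the (short_name, digest, version) state lives in the database and the compare-and-increment must run inside a transaction or under a unique constraint on (short_name, version), otherwise two concurrent createConsent calls with new text can both compute the same next version.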
Create a Docker image of the project and allow the API to be configured through environment variables.
Implement a rate-limiting policy: a client can perform at most 5 requests per second and 10800 requests per hour. When either limit is exceeded, the API responds with 429 Too Many Requests.
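The two requirements above fit together: the limits are the obvious things to read from the environment. The following added example (not the project's code) is a sliding-window limiter that enforces both limits per client and reports 429 with a Retry-After header; the variable names RATE_LIMIT_PER_SECOND and RATE_LIMIT_PER_HOUR are assumptions, and so is keying clients by address. Whatever key is used must not be something the client supplies itself (for instance an unverified X-Forwarded-For), or a client escapes the limit simply by rotating the header.

```python
import math
import os
import time
from collections import deque


def limits_from_env(env=None):
    """Limits from the environment (assumed variable names); defaults are the README's."""
    env = os.environ if env is None else env

    def positive_int(name, default):
        raw = env.get(name)
        if raw is None:
            return default
        try:
            value = int(raw)
        except ValueError:
            raise ValueError(f"{name} must be an integer, got {raw!r}")
        if value < 1:
            raise ValueError(f"{name} must be >= 1")
        return value

    return {
        "per_second": positive_int("RATE_LIMIT_PER_SECOND", 5),
        "per_hour": positive_int("RATE_LIMIT_PER_HOUR", 10800),
    }


class RateLimiter:
    """Sliding-window limiter enforcing both limits per client key.

    One chronological deque of request times per key serves both windows:
    the one-second window is simply the tail of the one-hour window.
    """

    WINDOWS = ((1.0, "per_second"), (3600.0, "per_hour"))

    def __init__(self, limits, clock=time.monotonic):
        if any(limits[name] < 1 for _, name in self.WINDOWS):
            raise ValueError("limits must be >= 1")
        self.limits = limits
        self.clock = clock
        self._hits = {}  # client key -> deque of request times (monotonic seconds)

    def check(self, client_key, now=None):
        """Return (allowed, retry_after_seconds). Only allowed requests are
        counted, so a client retrying while blocked does not extend its block."""
        now = self.clock() if now is None else now
        hits = self._hits.setdefault(client_key, deque())
        while hits and now - hits[0] >= 3600.0:
            hits.popleft()  # older than the longest window: forget it
        retry_after = 0.0
        for window, name in self.WINDOWS:
            in_window = 0
            for t in reversed(hits):  # newest first; stop at the window edge
                if now - t < window:
                    in_window += 1
                else:
                    break
            if in_window >= self.limits[name]:
                oldest = hits[-in_window]  # leaves the window at oldest + window
                retry_after = max(retry_after, oldest + window - now)
        if retry_after > 0:
            return False, retry_after
        hits.append(now)
        return True, 0.0

    def handle(self, client_key, now=None):
        """HTTP view of check(): status code and the headers to add."""
        allowed, retry_after = self.check(client_key, now)
        if allowed:
            return 200, {}
        return 429, {"Retry-After": str(max(1, math.ceil(retry_after)))}
```

Retry-After is computed from the oldest request still inside the window that was hit, so the client learns the earliest time a request can succeed rather than a fixed penalty. The per-key deque holds at most one hour of timestamps; a deployment with many clients or several API instances moves this state to a shared store such as Redis and evicts idle keys, but the window logic is unchanged.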