Consent Rail
Privacy consent management, GDPR/CCPA compliance.
Overview
The Consent Rail provides endpoints for managing customer consents, privacy preferences, and regulatory compliance (GDPR, CCPA).
Base URL
```
/api/v1/consent
```

Endpoints

Record Consent

```
POST /api/v1/consent/consents
```

Record a customer consent.

Request Body:
```json
{
  "subjectId": "cust_123",
  "subjectType": "CUSTOMER",
  "purpose": "MARKETING",
  "channel": "EMAIL",
  "granted": true,
  "source": "WEB_FORM",
  "ipAddress": "192.168.1.1",
  "userAgent": "Mozilla/5.0...",
  "policyVersion": "1.2.0",
  "expiresAt": "2026-01-15"
}
```

Response:

```json
{
  "data": {
    "consentId": "con_abc123",
    "subjectId": "cust_123",
    "purpose": "MARKETING",
    "granted": true,
    "recordedAt": "2025-01-15T10:00:00Z",
    "expiresAt": "2026-01-15T00:00:00Z"
  }
}
```

Get Consent Status

```
GET /api/v1/consent/subjects/:subjectId
```

Get all consents for a subject.

Response:
```json
{
  "data": {
    "subjectId": "cust_123",
    "consents": [
      {
        "purpose": "MARKETING",
        "channel": "EMAIL",
        "granted": true,
        "recordedAt": "2025-01-15T10:00:00Z"
      },
      {
        "purpose": "ANALYTICS",
        "granted": false,
        "recordedAt": "2025-01-14T10:00:00Z"
      }
    ]
  }
}
```

Check Consent

```
GET /api/v1/consent/check
```

Check if consent is granted for a specific purpose.

Query Parameters:
| Parameter | Type | Description |
|---|---|---|
| subjectId | string | Subject identifier |
| purpose | string | Consent purpose |
| channel | string | Optional channel |

Response:
```json
{
  "data": {
    "granted": true,
    "purpose": "MARKETING",
    "recordedAt": "2025-01-15T10:00:00Z",
    "expiresAt": "2026-01-15T00:00:00Z"
  }
}
```

Withdraw Consent

```
POST /api/v1/consent/withdraw
```

Withdraw a consent.

Request Body:
```json
{
  "subjectId": "cust_123",
  "purpose": "MARKETING",
  "channel": "EMAIL",
  "reason": "User request"
}
```

Get Consent History

```
GET /api/v1/consent/subjects/:subjectId/history
```

Get consent change history.

Data Subject Request
```
POST /api/v1/consent/dsr
```

Submit a data subject request (GDPR/CCPA).

Request Body:
```json
{
  "subjectId": "cust_123",
  "requestType": "ACCESS",
  "email": "customer@example.com",
  "verificationMethod": "EMAIL"
}
```

Response:

```json
{
  "data": {
    "requestId": "dsr_abc123",
    "type": "ACCESS",
    "status": "PENDING_VERIFICATION",
    "deadline": "2025-02-14T10:00:00Z"
  }
}
```

Get DSR Status

```
GET /api/v1/consent/dsr/:requestId
```

Get data subject request status.

Export Data
```
GET /api/v1/consent/dsr/:requestId/export
```

Download exported data (for ACCESS requests).

Delete Data
```
POST /api/v1/consent/dsr/:requestId/execute
```

Execute erasure request.

Consent Purposes
| Purpose | Description |
|---|---|
| MARKETING | Marketing communications |
| ANALYTICS | Usage analytics |
| PERSONALIZATION | Personalized experiences |
| THIRD_PARTY | Third-party sharing |
| ESSENTIAL | Essential services (cannot withdraw) |
| PROFILING | Automated profiling |
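
The Python below is an added example, not part of this API's own code or documentation: a caller-side gate over the Check Consent response that denies processing unless the body is well formed, matches the requested purpose, carries a literal `true` for `granted`, and has not passed `expiresAt`. The function names, the reason strings, and the handling of a missing `expiresAt` or a timestamp without an offset are assumptions.

```python
from datetime import datetime, timezone

# Purposes copied from the Consent Purposes table on this page.
KNOWN_PURPOSES = {"MARKETING", "ANALYTICS", "PERSONALIZATION",
                  "THIRD_PARTY", "ESSENTIAL", "PROFILING"}

# The Check Consent response body shown on this page, already JSON-decoded.
SAMPLE = {"data": {"granted": True, "purpose": "MARKETING",
                   "recordedAt": "2025-01-15T10:00:00Z",
                   "expiresAt": "2026-01-15T00:00:00Z"}}

def parse_ts(value):
    """Parse a timestamp like 2026-01-15T00:00:00Z; return None if unusable."""
    if not isinstance(value, str):
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    # Assumption: a timestamp without an offset is UTC.
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def consent_allows(response, purpose, now=None):
    """Return (allowed, reason); every unexpected shape denies processing."""
    now = now or datetime.now(timezone.utc)
    if purpose not in KNOWN_PURPOSES:
        return False, "unknown_purpose"
    data = response.get("data") if isinstance(response, dict) else None
    if not isinstance(data, dict):
        return False, "malformed_response"
    if data.get("purpose") != purpose:
        return False, "purpose_mismatch"
    if data.get("granted") is not True:  # "true" or 1 must not pass
        return False, "not_granted"
    recorded = parse_ts(data.get("recordedAt"))
    if recorded is None or recorded > now:
        return False, "bad_recorded_at"
    # Assumption: an absent expiresAt means the consent has no expiry.
    if data.get("expiresAt") is not None:
        expires = parse_ts(data["expiresAt"])
        if expires is None:
            return False, "bad_expires_at"
        if expires <= now:
            return False, "expired"
    return True, "granted"

if __name__ == "__main__":
    print(consent_allows(SAMPLE, "MARKETING"))
```

Passing `now` explicitly keeps the decision reproducible in tests and lets a cached response be re-evaluated at the moment of use.
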
DSR Types
| Type | Description | GDPR Article |
|---|---|---|
| ACCESS | Data access request | Art. 15 |
| RECTIFICATION | Data correction | Art. 16 |
| ERASURE | Right to be forgotten | Art. 17 |
| PORTABILITY | Data portability | Art. 20 |
| RESTRICTION | Restrict processing | Art. 18 |
| OBJECTION | Object to processing | Art. 21 |
Events
| Event | Description |
|---|---|
| consent.granted | Consent granted |
| consent.withdrawn | Consent withdrawn |
| consent.expired | Consent expired |
| dsr.submitted | DSR submitted |
| dsr.completed | DSR completed |

See Also
- Compliance Rail - Regulatory compliance
- KYC Rail - Customer identity