Consent protocol

A Consent Request is initiated when a Data Subject specifies or changes consent preferences.

Consent Request

POST /endpoint HTTP/1.1
Host: www.example.com
Content-Type: application/json
Accept: application/json
Authorization: $auth

{
  "apiVersion": "consent/v1",
  "kind": "ConsentRequest",
  "metadata": {
    "uid": "22880925-aac5-42f9-a653-cb6921d361ff",
    "tenant": "axonic"
  },
  "request": {
    "controller": "axonic",
    "property": "axonic.io",
    "environment": "production",
    "regulation": "gdpr",
    "jurisdiction": "eugdpr",
    "identities": [
      {
        "identitySpace": "account_id",
        "identityFormat": "raw",
        "identityValue": "123"
      }
    ],
    "purposes": {
      "advertising": "granted"
      "data_sales": "granted"
      "email_mktg": "denied"
    },
    "legalBasis": {
      "advertising": "consent_optin",
      "data_sales": "consent_optout",
      "email_mktg": "disclosure"
    },
    "vendors": [
      "79",
    ],
    "context": {
      "account_id": "123"
    },
    "collectedAt": 12345984398
  }
}

Fields

namerequired?description
apiVersionyesAPI version. Must be dsr/v1
kindyesMessage kind. Must be ConsentRequest
metadatayesMetadata object
request.controllernoCode of the Ketch controller tenant. Only supplied if the ultimate controller is different to the metadata.tenant
request.propertyyesCode of the digital property defined in Ketch
request.environmentyesCode environment defined in Ketch
request.regulationyesCode of the regulation defined in Ketch
request.jurisdictionyesCode of the jurisdiction defined in Ketch
request.identitiesyesArray of Identities
request.purposesyesMap of ConsentStatus. The key is the purpose code.
request.legalBasisyesMap of LegalBasis for the purposes.
request.contextnoMap containing additional context (Data Subject Variables) that have been added via identity verification or other augmentation methods
request.collectedAtyesUNIX Timestamp of when the consent was collected

Consent Response

A successful response SHOULD return the 204 No Content response status code.

HTTP/1.1 204 No Content

Consent State

The ConsentStatus enum identifies the status of a Consent purpose.

valuedescription
grantedThe purpose is allowed by the user
deniedThe purpose is disallowed by the user

Legal basis

The LegalBasis enum identifies the legal basis of a Consent purpose.

valuedescription
consent_optinConsent - Opt In
consent_optoutConsent - Opt Out
disclosureDisclosure
otherOther legal basis