https://api.didomi.io/consents/links?organization_id=<ID of your organization>
and specify the following parameters in the body:event.create
or event.update
.url
field:/consents/links
endpoint of the API is used to create consent links.
For a full reference of the endpoint and the resources that it returns, visit https://api.didomi.io/docs/.action
parameter of the consent link. That action can be either creating a new consent event (event.create
) or updating an existing consent event (event.update
).event
parameter. The event schema is the standard Didomi consent event schema.POST /consents/events
API can be created with a consent link with the same structure.event
parameter. The event schema is the standard Didomi consent event schema. An id
field must be specified with the ID of an existing consent event to update. The other properties specified in the event
parameter will be merged into the event.pending_approval
, you could send the following object:https://api.privacy-center.org/v1/consents/execute
to which you can add the query-string parameters that form your consent link.
Example of a consent link with digest authorization:
https://api.privacy-center.org/v1/consents/execute?key=fe295974-e126-49a4-9d6f-84bc5884c298&auth_algorithm=hash-md5&auth_sid=secret-id&auth_digest=e067d565e248267d5c3dd2f82409f5e3&auth_salt=salt&organization_user_id={organization_user_id}&action=event.create&event=%7B%22consents%22%3A%7B%22purposes%22%3A%5B%7B%22id%22%3A%22purpose_id%22%2C%22enabled%22%3Afalse%7D%5D%7D%7D&redirect_url=https%3A%2F%2Fwebsite.comkey
auth_algorithm
auth_sid
auth_digest
auth_salt
(optional)organization_user_id
action
event.create
(for creating an event) or event.update
(for updating an existing event).event
event.update
), an id
field must be provided to indicate what event is being updated.redirect_url
(optional)organization_user_id
and secret
. The digest must be provided in the auth_digest
query-string parameter of the consent link.[email protected]
and your secret value is secret_value
, you could compute a MD5 hash digest as MD5([email protected]_value
) = 2d7d57c0b588a5c4bc508b17ace5fd7e
. Note that there is no separator between the organization user ID and the secret.hash-md5
hash-sha1
hash-sha256
hmac-sha1
hmac-sha256
auth_algorithm
query-string parameter of the consent link.auth_sid
query-string parameter with the ID (not the secret value!) of the secret used for the digest.[email protected]
, your secret value is secret_value
, and your salt is salt
, you could compute a MD5 hash digest as MD5([email protected]
) = e067d565e248267d5c3dd2f82409f5e3
. Note that there is no separator between the organization user ID, the secret, and the salt.auth_salt
query-string parameter of the consent link. The salt is not secret and it is safe to pass it unencrypted. The salt is present to increase the uniqueness of the digest and make it harder for attackers to guess the secret with pre-computed hash attacks.
We recommend generating a new random salt for every consent link that you create.action
query-string parameter of the consent link. That action can be either creating a new consent event (event.create
) or updating an existing consent event (event.update
).event
query-string parameter. The event schema is the standard Didomi consent event schema.POST /consents/events
API can be created with a consent link with the same structure.event
query-string parameter. The event schema is the standard Didomi consent event schema. An id
field must be specified with the ID of an existing consent event to update. The other properties specified in the event
parameter will be merged into the event.pending_approval
, you can could send the following JSON:redirect_url
query-string parameter for digest authorization, and via the redirect_url
body parameter for pre-authorization.error
query-string parameter to the redirection URL. The error
parameter will contain an error code and can be used to show an error message to the user to let them know that their action has failed. https://www.ourwebsite.com/consent-updated
, then:https://www.ourwebsite.com/consent-updated
if the action is successfulhttps://www.ourwebsite.com/consent-updated?error=[ERROR CODE]
if the action fails to executeerror
query-string parameter will contain one of the following error codes:organization_id
parameter is missing.auth_sid
parameter is missing.auth_sid
parameter is not a valid secret ID. Double check that the secret exists on the Didomi platform and that the ID is valid.auth_algorithm
parameter is invalid. Ensure that it is one of the values listed in our documentation.auth_digest
parameter provided does not match the digest that we computed. Ensure that the secret, algorithm, and salt are all valid.action
query-string parameter is missing.organization_user_id
query-string parameter is missing.organization_user_id
query-string parameter is invalid. The action will still be executed in this case.event
query-string parameter is missing.event
query-string parameter is not a valid JSON string.event.update
).event.create
and event.update
actions.