Secrets

Secrets are used for authenticating requests through hash digests or encrypted data in client-side environments where generating a consent token is too complicated. A few use-cases when secrets are used:

  • When passing a user ID to a Didomi SDK, a hash digest should be computed and provided to authenticate the user ID provided.

  • When loading proofs in a public context. For instance, if you are embedding a consent proof in emails, the proof URL will need to be authenticated via a hash digest.

The /secrets API endpoint gives access to the secrets available to an organization on the Didomi platform and that can be used when a secret is required.

We recommend using different secrets by environment (development, staging, production, etc.) and by platform (web, mobile, email, etc.).

Create a secret

Send a POST /secrets request to create a new secret. You will need to specify a name to help identify what the secret is used for. The actual secret value will be automatically generated.

Example

POST /secrets

BODY
{
  "name": "User ID in Web SDK"
  "organization_id": "organization_id"
}

See the API documentation for more details on this endpoint.

Last updated