Secrets are used for authenticating requests through hash digests in client-side environments where generating a consent token is too complicated. A few use-cases when secrets are used:
- When passing a user ID to a Didomi SDK, a hash digest is should be computed and provided to authenticate the user ID provided.
- When loading proofs in a public context. For instance, if you are embedding a consent proof in emails, the proof URL will need to be authenticated via a hash digest.
/secretsAPI endpoint gives access to the secrets available on the Didomi platform and that can be used when a secret is required. You can create as many secrets as you want. We recommend using different secrets by environment (development, staging, production, etc.) and by platform (web, mobile, email, etc.).
POST /secretsrequest to create a new secret. You will need to specify a name to help identify what the secret is used for. The actual secret value will be automatically generated.
"name": "User ID in Web SDK"