Users

Consent users represent end users of your applications or websites that Didomi is storing consent and preferences information for.

The User entity represents the latest consent status, for a given regulation, of an end user as well as additional metadata. That's the entity that you should query when you want to check if you have consent for a specific data processing or purpose.

The /consents/users endpoint of the API exposes the users managed by Didomi for your organizations. For a full reference of the endpoint and the resources that it returns, visit https://api.didomi.io/docs/.

While you can specify the consent status for a user when you create it, we recommend using consent events instead for registering the user consent status as you will benefit from automated consent history and updates. Otherwise it would not be possible.

You can create a user by calling the POST /consents/users endpoint and providing basic information on the user as well as custom metadata that you want to associate with the user.

You can provide following information on users:

  • Organization user ID: a free-form user ID that is specific to your organization and that is used to identify the user within your organization. This could be an email address, a CRM ID, etc. It can be used to query users and events.

  • Metadata: a free-form object with any custom metadata that you want to associate with the user

  • Consents: the consent status of the user for purposes, preferences, channels and vendors for GDPR regulation

Example

POST /consents/users?organization_id={organization_id}

BODY
{
  "organization_user_id": "user@domain.com",
  
  "metadata": {
    ... free-form object with user metadata
  }
}

See the API documentation for more details on this endpoint.

You can query consent users that belong to your organization, and filter by user ID or organization user ID.

Paginate through users

Users are returned by pages of 100 and every query returns a cursor value that can be used to get the next page of results. You can iterate through pages of results by specifying the $cursor query-string parameter from the previous query. The returned cursor is null when there is no more result available.

Get the first 100 users that belong to an organization:

GET /consents/users?organization_id={organization_id}

RESPONSE
{
  "data": [
    ...list of 100 users
  ],
  "limit": 100, // Number of users in the current page
  "cursor": ... // Cursor to use for querying the next page of results
}

Get the following 100 users:

GET /consents/users
  ?organization_id={organization_id}
  &$cursor={cursor from previous query}

RESPONSE
{
  "data": [
    ...list of 100 users
  ],
  "limit": 100, // Number of users in the current page
  "cursor": ... // Cursor to use for querying the next page of results
}

Get a user by its organization user ID

GET /consents/users/{organization_user_id}
  ?organization_id={organization_id}
  &$by_organization_user_id=true
  &$merge_users=true

RESPONSE
{
  "id": "0cc784a0-4425-45ca-a62f-00dd588d1526",
  "organization_user_id": "organization_user_id",
  "consents": {
    ...
  }
}

The $merge_users query parameter aggregates the consent records of users with the same organizationUserId into a single object, providing a consolidated view of their unified consent status.

By default, user choices are registered under GDPR regulation.

For organizations managing users globally under various privacy laws, you can query the user's consent state for specific regulations by specifying it in the query-string parameter regulation (See all regulations supported by Didomi).

GET /consents/users/{organization_user_id}
  ?organization_id={organization_id}
  &$by_organization_user_id=true
  &$merge_users=true
  &regulation=cpra

RESPONSE
{
  "id": "0cc784a0-4425-45ca-a62f-00dd588d1526",
  "organization_user_id": "organization_user_id",
  "consents": {
    ...
  }
}

Status propagation

Consents API V2 does not support Status propagation.

The user choice at a specific level automatically propagates to elements at the lower level.

For instance, if a user sets enabled to false at the purpose level, it overrides lower-level enabled values (for preferences and channels) that will also be set to false automatically.

A practical example is that enabled at the purpose level can be used to implement Subscribe to all / Unsubscribe to all features where a user can subscribe to / unsubscribe from all preferences (current and future) by setting enabled to false on the purpose. Future preferences under that purpose will automatically get enabled set to false.

For instance, if you are pushing the following consent status to the API:

{
  "purposes": [
    {
      "id": "purpose-1",
      "enabled": false,
      "preferences": [
        {
          "id": "preference-1",
          "enabled": true
        }
      ]
    }
  ],
  
  "vendors": { ... }
}

This status from the event indicates that the user has disabled the purpose but enabled the preference. When updating the user status from the event, the status from the purpose will be propagated down to the preference and the API will store:

{
  "purposes": [
    {
      "id": "purpose-1",
      "enabled": false,
      "preferences": [
        {
          "id": "preference-1",
          "enabled": false
        }
      ]
    }
  ],
  
  "vendors": { ... }
}

Disable integrations

If you are importing users already present in your systems and there is no need for these users to be forwarded to your integrations, you can add the query parameter $disable_integrations=true to your request to disable such forwarding.

User Schema

Users have the following schema:

If you subscribed to Didomi after the 18th of January 2022, you are using the Consents API V2.

{
    /**
     * The Didomi user ID
     * A random UUID generated by the SDK on websites and mobile apps.
     */
    id: 'string',
    
    /**
     * A unique user ID in your organization
     * This could be an email, a phone number, an internal client ID, etc.
     * It is used to link Didomi users to your internal systems.
     * Multiple Didomi users can be associated with one organization ID.
     */
    organization_user_id: 'string',
    
    /**
     * Version number of the user record
     * User for optimistic locking
     */
    version: Number,
    
    /**
     * Creation date of the user record
     */
    created_at: 'ISO8601 date',
    
    /**
     * Last update date of the user record
     */
    updated_at: 'ISO8601 date',
    
    /**
     * Free-form metadata object on the user
     */
    metadata: Object,
    
    /**
     * Two-letter ISO code of the user's country.
     * `null` if no value is provided. This property is never set automatically by Didomi.
     */
    country: 'string',

    /**
     * Two-letter ISO country code of the last consent event for the user.
     * The country of a consent event might differ from the initial
     * user's country. This property stores the last seen country from
     * the user's consent events.
     * Auto-filled for Didomi SDK events.
     */
    last_seen_country: 'string',
    
    /**
     * Consent status of the user
     */
    consents: { 
        /**
         * Purposes that the user has made choices for
         * By default, consent state is applied to GDPR
         */
        purposes: [
            {
                /**
                 * Unique purpose ID
                 */
                id: "string", 
                
                metadata: Object, 
                
                /**
                 * Whether the user has given consent to this purpose or not
                 * A null value indicates that the user has made choices for
                 * preferences values
                 */                
                enabled: boolean || null, 
                
                /**
                 * Preferences that the user has made choices for
                 */                  
                values: {
                    [PREFERENCE_ID]: {
                        /**
                        * Preference values that the user has made positive choices for
                        * An empty string indicates that the user has made a negative 
                        * choice for the preference
                        */ 
                        value: "PREF_VALUE_ID_1,PREF_VALUE_ID_2"
                    }
                }
            }
            ...
        ],

        /**
         * Vendors that the user has made choices for
         */
        vendors: {
            /**
             * List of vendor IDs that the user has given consent to
             */
            enabled: ['string', ...],
            
            /**
             * List of vendor IDs that the user has denied consent to
             */
            disabled: ['string', ...]
        },
        
        /**
         * TCF consent string for the user
         * (if it was available or generated at the time of consent collection)
         */
        tcfcs: 'string'
    }
}

Last updated