MyLife Digital was acquired by DataGuard in April 2021

Hop over to our new home DataGuard.co.uk

Consentric API

Consentric Developer Portal

Universal Consent & Preference Management... Made simple.

Consentric Platform API - overview

Consentric provides a secure platform for organisations to manage permissions and preferences.

The majority of the Consentric features can be accessed via the Consentric Admin UI with some of the richer functionality available only via the API.

The quick start guides provided here aims to get you up and running using the API in your own applications.

Authentication and Authorization

All calls to the API must be authorised with a JSON Web Token (JWT).

When you sign up to Consentric you will be provided with a client details for accessing the API. You will be given a client ID and a client secret. These values should be used to obtain a JWT from our security provided, Auth0, with which to make API calls.

For example, the JWT can be retrieved through a client credentials flow request with the following curl command:

gcurl --request POST \
  --url https://consentric.eu.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"<YOUR CLIENT ID>","client_secret":"<YOUR CLIENT SECRET>","audience":"https://api.consentric.io","grant_type":"client_credentials"}' 

This would return a response of the following form containing your JWT

{
  "access_token": "<YOUR JWT>",
  "token_type": "Bearer"
} 

To use this JWT on the consentric API you must provide it as a bearer token in the HTTP authorization header as shown in the following curl example:

curl --request GET \
  --url https://api.consentric.io/path_to_required_endpoint/ \
  --header 'authorization: Bearer <YOUR JWT>' 

JWT Management

As stated above, the Consentric API uses JWTs for authentication and authorization. The JWTs we issue for Machine to Machine comms are valid for several hours and should therefore only be refreshed when expired. The JWT itself contains a field named exp which contains the seconds past 1970-01-01 00:00:00Z at which the JWT will expire. Many libraries in many languages exist for reading JWT content and can be used to determine what the expiry time is. See jwt.io for a list of such libraries.