Policy Consent Management
Policy consent management enables organizations to track user agreement to specific policies like privacy policies, terms of service, or cookie policies.
This comprehensive workflow guide demonstrates how to implement a complete policy consent system using both Web and Mobile endpoints of the Secure Privacy API.
Core Implementation Workflow
Section titled “Core Implementation Workflow”Step 1: Retrieve Policy Document
Section titled “Step 1: Retrieve Policy Document”Before requesting consent, fetch the policy document that users need to review. Policy Id is located in the URL of policy settings page:
// GET /api/policyconsent/policyconst policyRequest = { "PolicyId": "65e1a1eda303f0887605471b", "LanguageCode": "en"};fetch('/api/policyconsent/policy', { method: 'GET', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify(policyRequest) }).then(response => response.json()).then(policy => { // Expected response structure: // { "Id": "65e1a1eda303f0887605471b", // "Name": "My Privacy Policy", // "Type": "Privacy", // or 'Cookie', 'TermsOfService' // "Version": "2.1", // "CompiledHtml": "<div>Policy content...</div>" // } displayPolicyToUser(policy);});Step 2: Check Existing Consent Status
Section titled “Step 2: Check Existing Consent Status”Before showing policy dialogs, verify if the user has already provided consent for the current policy version. In case ClientId is not present locally (first-time visitor), the consent dialog can be displayed right away.
// GET /api/policyconsent/consent-givenconst consentCheckRequest = { "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB", // Id from the initial consent "PolicyId": "65e1a1eda303f0887605471b", "Version": "2.1"};fetch('/api/policyconsent/consent-given', { method: 'GET', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify(consentCheckRequest) }) .then(response => response.json()) .then(consentStatus => { // Expected response: { "ConsentGiven": "boolean" } if (!consentStatus.ConsentGiven) { showPolicyConsentDialog(); } else { proceedWithUserSession(); } });Step 3: Record User Consent
Section titled “Step 3: Record User Consent”When a user accepts the policy, record their consent decision using the appropriate endpoint for your platform.
Web Platform Implementation
Section titled “Web Platform Implementation”Domain Id is located in the URL of Domain Settings page:
// POST /api/policyconsent (Web)const consentRecord = { "PolicyId": "65e1a1eda303f0887605471b", "ConsentGiven": true, "Language": "en", // OR "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB", "URI": "https://yourapp.com/privacy", "DomainId": "67ea62d145798047bc7ab206"};fetch('/api/policyconsent', { method: 'POST', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify(consentRecord) }) .then(response => response.json()) .then(result => { // Expected response: // { // "Created": "2025-06-20T19:56:00Z", // "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB" // } console.log('Web consent recorded:', result);});Mobile Platform Implementation
Section titled “Mobile Platform Implementation”For mobile applications, use the enhanced mobile endpoint that captures device-specific information: Mobile App Id is located in the URL of Mobile app Settings page:
// POST /api/policyconsent (Mobile - Authentication required)const mobileConsentRecord = { "PolicyId": "65e1a1eda303f0887605471b", "Language": "en", "ConsentGiven": true, // OR "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB", "URI": "app://privacy-screen", // Mobile screen URI "ClientSessionId": "session-abc123", "DeviceManufacturer": "Apple", "SDKVersion": "2.1.0", "OSVersion": "iOS 17.0", "MobileApplicationId": "67bf0c7bcc42e16b27357097"};fetch('/api/policyconsent', { method: 'POST', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify(mobileConsentRecord) }) .then(response => response.json()) .then(result => { // Expected response: // { // "Created": "2025-06-20T19:56:00Z", // "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB" // } console.log('Mobile consent recorded:', result);});Mobile Consent Status Check
Section titled “Mobile Consent Status Check”Check consent status specifically for mobile users:
// GET /api/policyconsent/consent-given (Mobile - Authentication required)const mobileConsentCheck = { "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB", "PolicyId": "65e1a1eda303f0887605471b", "Version": "2.1"};fetch('/api/policyconsent/consent-given', { method: 'GET', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify(mobileConsentCheck)}).then(response => response.json()).then(result => { // Expected response: { "ConsentGiven": "boolean" } if (!result.ConsentGiven) { showMobilePolicyDialog(); }});Retrieve Individual Mobile Consent Record
Section titled “Retrieve Individual Mobile Consent Record”Get the complete consent record for a specific mobile user:
// GET /api/policyconsent/ (Individual record - Mobile)const individualRecordQuery = { "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB", "PolicyId": "65e1a1eda303f0887605471b", "Version": "2.1"};fetch('/api/policyconsent/', { method: 'GET', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify(individualRecordQuery)}).then(response => response.json()).then(record => { // Expected detailed response: // { // "Id": "67f7b4ba6536059bb4748902", // "Created": "2025-06-20T19:56:00Z", // "ConsentGiven": true, // "URI": "app://privacy-screen", // "PolicyName": "Privacy Policy", // "PolicyType": "Privacy", // "PolicyId": "65e1a1eda303f0887605471b", // "PolicyVersion": "2.1", // "CustomUserId": "[email protected]", // "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB" // } displayIndividualRecord(record);});Advanced Consent Management
Section titled “Advanced Consent Management”Retrieve Consent History with Filters
Section titled “Retrieve Consent History with Filters”The GET endpoint supports comprehensive filtering for audit and compliance purposes:
// GET /api/policyconsent (Authentication required)const consentQuery = { "PolicyId": "65e1a1eda303f0887605471b", "FromDate": "2025-01-01T00:00:00Z", // Optional "ToDate": "2025-12-31T23:59:59Z", // Optional "ConsentGiven": true, // Optional filter "PolicyVersion": "2.1", // Optional "MobileApplicationId": "67bf0c7bcc42e16b27357097", // Optional "DeviceManufacturer": "Apple", // Optional "SDKVersion": "2.1.0", // Optional "OSVersion": "iOS 17.0", // Optional "DomainId": "67ea62d145798047bc7ab206" // Optional};fetch('/api/policyconsent/', { method: 'GET', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify(consentQuery)}) .then(response => response.json()) .then(consents => { // Expected response format with detailed fingerprint data: // [{ // "Id": "67f7b4ba6536059bb4748902", // "Created": "2025-06-20T19:56:00Z", // "ConsentGiven": true, // "URI": "app://privacy-screen", // "PolicyType": "Privacy", // "PolicyId": "65e1a1eda303f0887605471b", // "Version": "2.1", // "CustomUserId": "[email protected]", // "ClientId": "DDB8AC7C9A500C6C2028E03ABE525C0ECEF2F6134DB78BD1229131ECD9D8F4DB", // "Fingerprint": { // "IP": "192.168.1.1", // "ProxifiedIP": "proxy-ip", // "UserAgent": "YourApp/2.1.0", // "City": "New York", // "State": "NY", // "Country": "US", // "ClientSessionId": "session-abc123", // "DeviceManufacturer": "Apple", // "SDKVersion": "2.1.0", // "OSVersion": "iOS 17.0" // } // }] displayConsentHistory(consents);});Platform-Specific Implementation Patterns
Section titled “Platform-Specific Implementation Patterns”Web vs Mobile Differences
Section titled “Web vs Mobile Differences”- Authentication: Mobile endpoints always require authentication, while some web endpoints may be used without authentication
- Device Information: Mobile endpoints capture detailed device fingerprinting including manufacturer, OS version, and SDK version
- URI Format: Web uses standard URLs, mobile uses app-specific URI schemes
- Session Tracking: Mobile includes ClientSessionId for session-based consent tracking
Cross-Platform Consent Synchronization
Section titled “Cross-Platform Consent Synchronization”Use the CustomUserId field to link consent records across web and mobile platforms for the same user, enabling consistent policy compliance regardless of access method.
Compliance and Audit Trail
Section titled “Compliance and Audit Trail”Both platforms maintain comprehensive audit trails with timestamps, device fingerprints, and policy version tracking. The mobile platform provides enhanced device-level tracking for more detailed compliance reporting.