This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Using the Consent Management REST APIs
The consent management APIs in WSO2 Identity Server collect and manage end user consents when user information is shared with external parties. The following sections guide you through the consent management concepts and the APIs you can invoke.
Definitions for consent management
This section defines and explains commonly used terms in consent management. PII Controller For more information on how to extend or customize this, see Extension points. PII Processor
Any information that can be used to identify the PII Principal to whom the information relates to.
The natural person to whom the personally identifiable information (PII) relates to.
A Personally identifiable information (PII) Principal’s freely given, specific and informed agreement to the processing of their PII.
The business, operational or regulatory requirement for the collection, use and/or disclosure of a PII Principal's data. In other words, it is the reason personal information is collected by the entity.
A record of a consent interaction (or consent record summary linked to the record of consent) provided by a PII Principal to a PII Controller to collect, use and disclose the PII Principal’s PII in accordance to an agreed set of terms.
A private stakeholder that determines the purposes and means for processing personally identifiable information (PII) other than the natural persons who use data for personal purposes.
You can configure a default PII controller in the consent-mgt-config.xml
file found in the <IS_HOME>/repository/conf
folder. <PIIController>
<PiiController>Kim</PiiController>
<Contact>Kim</Contact>
<Email>kim@abc.com</Email>
<Phone>+01433444333</Phone>
<OnBehalf>false</OnBehalf>
<PiiControllerUrl>https://sample.piicontroller.url</PiiControllerUrl>
<Address>
<Country>USA</Country>
<Locality>Mountain View</Locality>
<Region>CA</Region>
<PostOfficeBoxNumber>233</PostOfficeBoxNumber>
<PostalCode>94043</PostalCode>
<StreetAddress>1600 Amphitheatre Pkwy</StreetAddress>
</Address>
</PIIController>
A private stakeholder that processes personally identifiable information (PII) on behalf of and in accordance with the instructions of a PII controller.
APIs and supported operations
For information on the REST APIs, supported operations and sample requests/responses, see Consent Management APIs Swagger Documentation.
Extension points
You can customize the REST APIs using the following extension points:
- PIIController connector extension - A sample implementation that demonstrates registering a PII controller and providing PII controller information for consent receipts.
- Interceptor extension - A sample implementation that demonstrates registering a consent management interceptor and intercepting consent management related operations.