Using the Consent Management REST APIs

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

The consent management APIs in WSO2 Identity Server collect and manage end user consents when user information is shared with external parties. The following sections guide you through the consent management concepts and the APIs you can invoke. 

Definitions for consent management

This section defines and explains commonly used terms in consent management. 

For more information about consent management concepts and the use cases of consent management with WSO2 IS, see Consent Management Overview.

Configuring the PII controller

You can configure a default PII controller in one of the following ways:

  • Via the management console
  • Via the configuration file

Via the management console

  1. Log in to the management console.
  2. Click Resident under Identity Providers and expand the Consent Management tab.
  3. Configure the PII controller information.

Via the configuration file

  1. Open the consent-mgt-config.xml file found in the <IS_HOME>/repository/conf folder and configure the following configuration block.

    <PIIController>    
        <PiiController>Kim</PiiController>
        <Contact>Kim</Contact>
        <Email>kim@abc.com</Email>
        <Phone>+01433444333</Phone>
        <OnBehalf>false</OnBehalf>
        <PiiControllerUrl>https://sample.piicontroller.url</PiiControllerUrl>
        <Address>
            <Country>USA</Country>
            <Locality>Mountain View</Locality>
            <Region>CA</Region>
            <PostOfficeBoxNumber>233</PostOfficeBoxNumber>
            <PostalCode>94043</PostalCode>
            <StreetAddress>1600 Amphitheatre Pkwy</StreetAddress>
        </Address>
    </PIIController>

More information about each property:

| Property | Type | Required/Optional | Description |
|---|---|---|---|
| <PIIController> | string | Required | Name of the first PII controller who collects the data. |
| <Contact> | string | Required | Contact name of the PII controller. |
| <Email> | string | Required | Contact email address of the PII Controller. The direct email to contact the PII Controller regarding the consent or privacy contract. |
| <Phone> | string | Required | Contact phone number of the PII Controller. The business phone number to contact the PII Controller regarding the consent. |
| <OnBehalf> | boolean | Optional | A PII Processor acting on behalf of a PII Controller or PII Processor. |
| <PiiControllerUrl> | string | Optional | A URL for contacting the PII Controller. |
| <Address> | object | Required | The physical address of the PII controller. |

For more information on how to extend or customize this, see Extension points.
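
A pre-deployment check for the PIIController block in consent-mgt-config.xml, as an added example that is not part of the WSO2 documentation or product code. It assumes the table's first row refers to the inner <PiiController> element, that <OnBehalf> is written as true or false, and that <PiiControllerUrl> is an absolute http(s) URL; check_pii_controller, local and SAMPLE_BAD are hypothetical names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Required elements, per the property table on this page. Assumption: the
# table's first row refers to the inner <PiiController> element.
REQUIRED = ("PiiController", "Contact", "Email", "Phone", "Address")

# Constructed sample: the page's block with <Email> blanked, <Address>
# dropped, and invalid <OnBehalf> / <PiiControllerUrl> values.
SAMPLE_BAD = """<Config><PIIController>
  <PiiController>Kim</PiiController>
  <Contact>Kim</Contact>
  <Email></Email>
  <Phone>+01433444333</Phone>
  <OnBehalf>no</OnBehalf>
  <PiiControllerUrl>sample.piicontroller.url</PiiControllerUrl>
</PIIController></Config>"""

def local(tag):
    """Drop a namespace prefix ({uri}Name -> Name) if the file declares one."""
    return tag.rsplit("}", 1)[-1]

def check_pii_controller(xml_text):
    """Return a list of problems found in the <PIIController> block."""
    root = ET.fromstring(xml_text)
    block = next((e for e in root.iter() if local(e.tag) == "PIIController"), None)
    if block is None:
        return ["no <PIIController> block found"]
    children = {local(c.tag): c for c in block}
    text = {name: (node.text or "").strip() for name, node in children.items()}
    problems = []
    for name in REQUIRED:
        if name not in children:
            problems.append(f"<{name}> is required but missing")
        elif name == "Address" and len(children[name]) == 0:
            problems.append("<Address> has no child elements")
        elif name != "Address" and not text[name]:
            problems.append(f"<{name}> is required but empty")
    # Assumption: the boolean is written as the literal true or false.
    if "OnBehalf" in text and text["OnBehalf"] not in ("true", "false"):
        problems.append("<OnBehalf> must be true or false")
    # Assumption: the contact URL should be an absolute http(s) URL.
    if "PiiControllerUrl" in text:
        url = urlparse(text["PiiControllerUrl"])
        if url.scheme not in ("http", "https") or not url.netloc:
            problems.append("<PiiControllerUrl> is not an absolute http(s) URL")
    return problems

if __name__ == "__main__":
    for problem in check_pii_controller(SAMPLE_BAD):
        print(problem)
```

An empty list means every required property is present and non-empty, so the consent receipts will carry usable controller contact details.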

APIs and supported operations

For information on the REST APIs, supported operations and sample requests/responses, see Consent Management APIs Swagger Documentation.

Extension points

You can customize the REST APIs using the following extension points: 

  • PIIController connector extension - A sample implementation that demonstrates registering a PII controller and providing PII controller information for consent receipts.
  • Interceptor extension - A sample implementation that demonstrates registering a consent management interceptor and intercepting consent management related operations.