# Consent BFF APIs
# Consent To Accept
Method: GET /bifrost/api/consent/projects/{projId}/to-accept
Description: List all consents of the application which need acceptance from a data subject
Client Scope: consent.r 
Authority: -
Request Header:
| Param | Description | Required | Example | 
|---|---|---|---|
| Authorization | The OAuth2 authentication with the O2O System | Y | Bearer {O2O Access Token} | 
| Content-Type | The MIME type of this content | Y | application/json | 
Parameter:
| Key | Description | Required | Example | 
|---|---|---|---|
| app | The application which requires consent from a data subject | Y | app=TSM | 
| dataSubject | The identifier which represents the user in the application | Y | dataSubject=a0000012345 | 
Example Request:
curl -X GET \
  'https://alpha-platform.weomni-test.com/bifrost/api/consent/projects/{projectId}/to-accept?app=TSM&dataSubject=a0000012345' \
  -H 'Authorization: Bearer {O2O Access Token}' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache'
Example Response:
HTTP/1.1 200 OK
Content-Type: application/json
[
    {
        "id": "5e953258e4a2810001048c67",
        "descriptionEn": "test2",
        "application": "TSM",
        "purposes": [
            "test",
            "check"
        ],
        "lifespan": 10,
        "name": "consent002",
        "privacyNoticeRef": "5e8ec58aaf57d400014da146",
        "revision": 0,
        "status": "PUBLISHED",
        "ref1": "doc1",
        "ref2": "doc2",
        "ref3": "doc3"
    }
]
# Get Privacy Notice Details
Method: GET /bifrost/api/consent/projects/{projId}/privacy-notice/{id}
Description: Get privacy notice details
Client Scope: consent.r
Authority: -
Request Header:
| Param | Description | Required | Example | 
|---|---|---|---|
| Authorization | The OAuth2 authentication with the O2O System | Y | Bearer {O2O Access Token} | 
| Content-Type | The MIME type of this content | Y | application/json | 
Parameter:
| Key | Description | Required | Example | 
|---|---|---|---|
| id | The id of privacy notice | Y | 5ea69d3b608e270001c1f778 | 
Example Request:
curl -X GET \
  https://platform.weomni-test.com/bifrost/api/consent/projects/{projectId}/privacy-notice/{id} \
  -H 'Authorization: Bearer {O2O Access Token}' \
  -H 'cache-control: no-cache'
Example Response:
HTTP/1.1 200 OK
Content-Type: application/json
{
    "id": "5ea69d3b608e270001c1f778",
    "name": "My Company",
    "descriptionEn": "hello",
    "descriptionTh": "สวัสดี",
    "status": "PUBLISHED",
    "revision": 1
}
# Accept Consent
Method: POST /bifrost/api/consent/projects/{projId}/consent-acceptance
Description: Accept the consent based on application and data subject
Client Scope: consent.w, consent.r 
Authority: -
Request Header:
| Param | Description | Required | Example | 
|---|---|---|---|
| Authorization | The OAuth2 authentication with the O2O System | Y | Bearer {O2O Access Token} | 
| Content-Type | The MIME type of this content | Y | application/json | 
Body:
| Key | Description | Required | Example | 
|---|---|---|---|
| app | The application which requires consent from a data subject | Y | TSM | 
| dataSubject | The identifier which represents the user in the application | Y | a0000012345 | 
| consentId | Id of consent | Y | |
| purposes | List of accepting purpose codes under the consent | N | ["SMS","EMAIL"] | 
| userAgent | The computer program representing a person | Y | Mozilla/5.0 | 
| country | Country | Y | Thailand | 
| localIp | Local IP | Y | |
| osVersion | Version of the device's operating system | Y | iOS 13.4.1 | 
| model | Model of device | Y | iPhone SE | 
| deviceFingerprintId | Fingerprint ID of device | Y | C7JS888PGFYR | 
| note | Additional information | N | |
Example Request:
curl -X POST \
  'https://alpha-platform.weomni-test.com/bifrost/api/consent/projects/{projectId}/consent-acceptance' \
  -H 'Authorization: Bearer {O2O Access Token}' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache' \
  -d '{
	"app":"TSM",
	"consentId":"5e991ad37f4e24000126ee49",
	"dataSubject":"a0000012345",
	"userAgent":"Mozilla/5.0",
	"purposes":["sms"],
	"country":"Thailand",
	"localIp":"172.201.134.98",
	"osVersion":"iOS 13.4.1",
	"model":"iPhone SE",
	"deviceFingerprintId":"jjjhaidhsiwjdi23d",
	"note":"sms consent"
  }'
Example Response:
HTTP/1.1 201 CREATED
Content-Type: application/json
{
    "id": "5e9e71681a26680001d906b9",
    "consentApplication": "TSM",
    "acceptanceDate": "2020-04-21T04:07:04.31Z",
    "expiredDate": "2021-04-21T04:07:04.31Z",
    "consentId": "5e991ad37f4e24000126ee49",
    "dataSubject": "a0000012345",
    "userAgent": "Mozilla/5.0",
    "purposes": ["sms"],
    "country": "Thailand",
    "localIp": "172.201.134.98",
    "osVersion": "iOS 13.4.1",
    "model": "iPhone SE",
    "deviceFingerprintId": "jjjhaidhsiwjdi23d",
    "note": "sms consent",
    "status": "ACCEPTED"
}
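An added example, not code from this API's project: a Python helper that assembles the consent-acceptance call from one item of the to-accept list, enforces the required keys from the Body table, percent-encodes the project id in the path, and masks the bearer token before anything is logged. The rule that `purposes` must be a subset of the consent's own list, the `proj-1` project id, the token string and the sample values are assumptions made for the example.

```python
import json
from urllib.parse import quote

# Required and optional body keys, copied from the Body table above.
REQUIRED = ("app", "dataSubject", "consentId", "userAgent", "country",
            "localIp", "osVersion", "model", "deviceFingerprintId")
OPTIONAL = ("purposes", "note")
BASE = "https://alpha-platform.weomni-test.com"  # host from the page's example


def build_acceptance_request(project_id, token, consent, fields):
    """Return (url, headers, body) for POST .../consent-acceptance."""
    # app and consentId always come from the consent item, never from the caller.
    body = dict(fields, app=consent["application"], consentId=consent["id"])
    unknown = sorted(set(body) - set(REQUIRED) - set(OPTIONAL))
    if unknown:
        raise ValueError(f"unexpected keys: {unknown}")
    missing = [k for k in REQUIRED if not str(body.get(k) or "").strip()]
    if missing:
        raise ValueError(f"missing required keys: {missing}")
    # Assumption: accepted purposes must be drawn from the consent's own list.
    extra = sorted(set(body.get("purposes") or []) - set(consent["purposes"]))
    if extra:
        raise ValueError(f"purposes not offered by consent: {extra}")
    url = (f"{BASE}/bifrost/api/consent/projects/"
           f"{quote(project_id, safe='')}/consent-acceptance")
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return url, headers, json.dumps(body, ensure_ascii=False)


def redact(headers):
    """Copy of headers that is safe to log: the bearer token is masked."""
    return {k: ("Bearer ***" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


# Constructed sample data, shaped like the page's example responses.
SAMPLE_CONSENT = {"id": "5e953258e4a2810001048c67", "application": "TSM",
                  "purposes": ["test", "check"]}
SAMPLE_FIELDS = {"dataSubject": "a0000012345", "userAgent": "Mozilla/5.0",
                 "purposes": ["test"], "country": "Thailand",
                 "localIp": "192.0.2.10", "osVersion": "iOS 13.4.1",
                 "model": "iPhone SE", "deviceFingerprintId": "C7JS888PGFYR"}

if __name__ == "__main__":
    url, headers, body = build_acceptance_request(
        "proj-1", "example-token", SAMPLE_CONSENT, SAMPLE_FIELDS)
    print(url, redact(headers), body, sep="\n")
```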
# Purpose Options
Method: GET /bifrost/api/consent/projects/{projId}/purpose-options
Description: Look up the purpose options for the application so they can be displayed on the frontend
Client Scope: consent.r
Authority: -
Request Header:
| Param | Description | Required | Example | 
|---|---|---|---|
| Authorization | The OAuth2 authentication with the O2O System | Y | Bearer {O2O Access Token} | 
| Content-Type | The MIME type of this content | Y | application/json | 
Parameter:
| Key | Description | Required | Example | 
|---|---|---|---|
| app | The application which requires consent from a data subject | Y | TSM | 
| dataSubject | The identifier which represents the user in the application | Y | a0000012345 | 
Example Request:
curl -X GET \
  'https://platform.weomni-test.com/bifrost/api/consent/projects/{projectId}/purpose-options?app=EBM&dataSubject=a0000012345' \
  -H 'Authorization: Bearer {O2O Access Token}' \
  -H 'Postman-Token: cb126505-2d0a-4329-bd63-3670e9c13831' \
  -H 'cache-control: no-cache'
Example Response:
HTTP/1.1 200 OK
Content-Type: application/json
[
    {
        "code": "SMS",
        "accepted": true,
        "nameEn": "Send SMS Notification",
        "nameTh": "SMS แจ้งเตือน",
        "consentId": "5e9843487f4e24000126ee3e"
    },
    {
        "code": "EMAIL",
        "accepted": true,
        "nameEn": "Send Email Notification",
        "nameTh": "ส่งอีเมล",
        "consentId": "5e9843487f4e24000126ee3e"
    },
    {
        "code": "FACE_RECOG",
        "accepted": true,
        "nameEn": "",
        "nameTh": "",
        "consentId": "5e9843487f4e24000126ee3e"
    }
]
# Accept Purpose
Method: POST /bifrost/api/consent/projects/{projId}/purpose-acceptance
Description: Accept the purpose based on application and data subject
Client Scope: consent.w, consent.r
Authority: -
Request Header:
| Param | Description | Required | Example | 
|---|---|---|---|
| Authorization | The OAuth2 authentication with the O2O System | Y | Bearer {O2O Access Token} | 
| Content-Type | The MIME type of this content | Y | application/json | 
Body:
| Key | Description | Required | Example | 
|---|---|---|---|
| app | The application which requires consent from a data subject | Y | TSM | 
| dataSubject | The identifier which represents the user in the application | Y | a0000012345 | 
| purposeCode | The code of the purpose to accept (can be looked up via the Purpose Options API) | Y | SMS | 
Example Request:
curl -X POST \
  https://platform.weomni-test.com/bifrost/api/consent/projects/{projectId}/purpose-acceptance \
  -H 'Authorization: Bearer {O2O Access Token}' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache' \
  -d '{
	"app": "EBM",
	"dataSubject": "a0000012345",
	"purposeCode": "FACE_RECOG"
   }'
Example Response:
HTTP/1.1 201 CREATED
Content-Type: application/json
{
    "id": "5e953258e4a2810001048c67",
    "dataSubject": "a0000012345",
    "consentApplication": "EBM",
    "purposeCode": "FACE_RECOG",
    "status": "ACCEPTED",
    "expiredDate": "2020-11-03T06:08:08.585Z",
    "acceptanceDate": "2020-04-17T06:08:08.585Z",
    "withdrawalDate": null
}
# Withdraw Purpose
Method: POST /bifrost/api/consent/projects/{projId}/purpose-withdrawal
Description: Withdraw the purpose based on application and data subject
Client Scope: consent.w, consent.r
Authority: -
Request Header:
| Param | Description | Required | Example | 
|---|---|---|---|
| Authorization | The OAuth2 authentication with the O2O System | Y | Bearer {O2O Access Token} | 
| Content-Type | The MIME type of this content | Y | application/json | 
Body:
| Key | Description | Required | Example | 
|---|---|---|---|
| app | The application which requires consent from a data subject | Y | TSM | 
| dataSubject | The identifier which represents the user in the application | Y | a0000012345 | 
| purposeCode | The code of the purpose to withdraw (can be looked up via the Purpose Options API) | Y | SMS | 
Example Request:
curl -X POST \
  https://platform.weomni-test.com/bifrost/api/consent/projects/{projectId}/purpose-withdrawal \
  -H 'Authorization: Bearer {O2O Access Token}' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache' \
  -d '{
	"app": "EBM",
	"dataSubject": "a0000012345",
	"purposeCode": "FACE_RECOG"
}'
Example Response:
HTTP/1.1 200 OK
Content-Type: application/json
{
    "id": "5e953258e4a2810001048c67",
    "dataSubject": "a0000012345",
    "consentApplication": "EBM",
    "purposeCode": "FACE_RECOG",
    "status": "WITHDRAWN",
    "expiredDate": "2020-11-03T06:08:08.585Z",
    "acceptanceDate": "2020-04-17T06:08:08.585Z",
    "withdrawalDate": "2020-04-18T12:19:57.412Z"
}
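An added example, not code from this API's project: a Python check that a caller could run on a purpose-acceptance record before processing data, using the `status`, `acceptanceDate`, `expiredDate` and `withdrawalDate` fields shown in the responses above. The precedence rule (withdrawal first, then expiry) and the labels `ACTIVE`, `EXPIRED` and `NOT_GRANTED` are assumptions of this example, not values returned by the API.

```python
import re
from datetime import datetime, timezone

_TS = re.compile(r"^(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(?:\.(\d{1,6}))?Z$")


def parse_ts(value):
    """Parse the API's UTC timestamps; fractions may be 1-6 digits
    (the page shows both '.31Z' and '.585Z')."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    micro = int((m.group(7) or "0").ljust(6, "0"))
    return datetime(y, mo, d, h, mi, s, micro, tzinfo=timezone.utc)


def purpose_state(record, now):
    """Classify a purpose-acceptance record at time `now` (aware datetime).

    Assumed rule: a withdrawal wins over everything, then expiry, and
    anything that is not explicitly ACCEPTED is treated as not granted.
    """
    if record.get("withdrawalDate") or record.get("status") == "WITHDRAWN":
        return "WITHDRAWN"
    if record.get("status") != "ACCEPTED":
        return "NOT_GRANTED"
    if now >= parse_ts(record["expiredDate"]):
        return "EXPIRED"
    if now < parse_ts(record["acceptanceDate"]):
        return "NOT_GRANTED"  # acceptance dated in the future: do not trust
    return "ACTIVE"


def may_process(record, app, data_subject, purpose_code, now):
    """Fail closed: process only when the record matches the exact
    application, data subject and purpose, and is ACTIVE right now."""
    return (record.get("consentApplication") == app
            and record.get("dataSubject") == data_subject
            and record.get("purposeCode") == purpose_code
            and purpose_state(record, now) == "ACTIVE")


# Records copied from the example responses above.
ACCEPTED = {"dataSubject": "a0000012345", "consentApplication": "EBM",
            "purposeCode": "FACE_RECOG", "status": "ACCEPTED",
            "expiredDate": "2020-11-03T06:08:08.585Z",
            "acceptanceDate": "2020-04-17T06:08:08.585Z",
            "withdrawalDate": None}
WITHDRAWN = dict(ACCEPTED, status="WITHDRAWN",
                 withdrawalDate="2020-04-18T12:19:57.412Z")
```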