Consent Management API DRAFT proposal for Controlled Capture Delegation #43
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports
| - "location-verification:verify" | ||
| purpose: "dpv:FraudPreventionAndDetection" | ||
| consentStatus: "PENDING" | ||
| ConsentText: |
Add a version or lastUpdated field to track legal text updates.
| $ref: "#/components/responses/Generic403" | ||
| "404": | ||
| $ref: "#/components/responses/Generic404" | ||
| /consents/retrieve-info: |
When requestConsentText is false, this API is similar to consentInfo?
Consent-info will disappear and be replaced by this one?
| - Consent Management | ||
| parameters: | ||
| - $ref: "#/components/parameters/x-correlator" | ||
| - $ref: "#/components/parameters/Accept-Language" |
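Review bot: the `Accept-Language` parameter referenced on the last line of this hunk needs its fallback behaviour documented, if the parameter definition does not already do so: which language the consent text is returned in when none of the requested languages is available, and how the API Consumer learns which language was actually used. For consent text this matters because the User should be shown the text in a language they asked for, or be told that they were not.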
Do we have only one accepted language or can we pass a list with an order?
| description: | | ||
| This operation allows the API Consumer to create a Consent for a given User, scope(s) and Purpose. The API Consumer is identified by the `client_id` parameter deduced from the access token. | ||
|
|
||
| The API Provider will set the creation date of the User Consent to the current date and time when the `createConsent` operation is invoked successfully by the API Consumer. |
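Review bot: in the first sentence of this description, calling `client_id` a "parameter deduced from the access token" reads as if the caller supplies it in the request. Suggest describing it as the client identifier bound to the access token and stating that the API Provider takes it only from the token, so that an API Consumer cannot create a Consent on behalf of another API Consumer.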
We should specify the consistent use of the UTC timezone to avoid ambiguity for creationdate and expirationdate.
|
|
||
| This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process. | ||
|
|
||
| ## Error handling: |
Perhaps I missed it, but there is no specific error message dedicated to an invalid or non-existent consentTextId.
It would be advisable to add one to improve robustness and traceability, especially for server-side validation.
What type of PR is this?
What this PR does / why we need it:
This PR is intended to create a DRAFT proposal for a Consent Management API that enables Controlled Capture Delegation feature for API Consumers.
Which issue(s) this PR fixes:
Fixes #42
Special notes for reviewers:
Changelog input
Additional documentation
camaraproject/APIBacklog#276
camaraproject/APIBacklog#277
camaraproject/IdentityAndConsentManagement#327
#42