This section provides a reference for APIs that should be implemented by this Building Block.
This section provides a reference for APIs that should be implemented by this Building Block. The APIs defined here establish a blueprint for how the Building Block will interact with other Building Blocks. Additional APIs may be implemented by the Building Block, but the listed APIs define a minimal set of functionality that should be provided by any implementation of this Building Block.
The GovStack non-functional requirements document provides additional information on how 'adaptors' may be used to translate an existing API to the patterns described here. This section also provides guidance on how candidate products are tested and how GovStack validates a product's API against the API specifications defined here.
The tests for the Consent Building Block can be found in this GitHub repository.
The following is an automated rendition of our latest OpenAPI YAML specification.
DELETE - Cascading delete operation for Right To Be Forgotten, deletes all Consent Records that shall not be retained and have a "forgettable" Agreement. May also delete an unsigned Consent Record, for instance in cases where the user exits the signing process. Individual ID supplied as HTTP header.
READ - Fetch an Individual in the Consent system
Unique ID of an object
Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""LIST - lists individuals in the system
Requested index for start of resources to be provided in response requested by client
Requested number of resources to be provided in response requested by client
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""CREATE - Creates an Individual in the Consent system
Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""UPDATE - Updates an Individual in the Consent system
Unique ID of an object
Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""LIST - returns the current Policy
Unique ID of an object
Requested index for start of resources to be provided in response requested by client
Requested number of resources to be provided in response requested by client
A policy governs Data Agreements in the realm of an organisation that is often referred to as "data controller" (GDPR) and owner of referencing Data Agreements.
""Name of the policy
""Version of the policy
""Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time.
""""""""""""LIST - Fetches list of readable Policy objects
An object with id revisionId
Requested index for start of resources to be provided in response requested by client
Requested number of resources to be provided in response requested by client
A list of Policy objects readable for the current session's credentials.
""Name of the policy
""Version of the policy
""Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time.
""""""""""""READ - get a Policy object + latest Revisio
Unique ID of an object
An object with id revisionId
A policy governs Data Agreements in the realm of an organisation that is often referred to as "data controller" (GDPR) and owner of referencing Data Agreements.
""Name of the policy
""Version of the policy
""Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time.
""""""""""""A generic revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing.
Aside from "successor" column, a revision should be considered locked.
""This was previously called "schema" but for technical reasons should be called "schemaName"
""The PK of the object that was serialized.
""Indicates that objectId was left blank in serializedSnapshot when calculating serializedHash. objectId may be subsequently filled in.
""Revisioned data (serialized as JSON) as a dict {objectData: {...}, schemaName: ..., objectId: ..., signedWithoutObjectId: ..., timestamp: ..., authorizedByIndividual: ..., authorizedByOther: ...}. It contains all the fields of the schema except id, successor, predessorHash and predecessorSignature.
""Hash of serializedSnapshot (SHA-1)
""Timestamp of when revisioning happened
""Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""Reference to an admin user that has created this revision
""A generic revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing.
Aside from "successor" column, a revision should be considered locked.
Tamper-resistent artifact from previous record, copied from serializedHash
""Tamper-resistent artifact from previous record (we don't know if the previous record was signed or not)
""CREATE - Creates a new Policy object and returns the new object and a PolicyRevision
A policy governs Data Agreements in the realm of an organisation that is often referred to as "data controller" (GDPR) and owner of referencing Data Agreements.
""Name of the policy
""Version of the policy
""Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time.
""""""""""""A set consisting of the new Policy object created, together with the initial Revision object.
A policy governs Data Agreements in the realm of an organisation that is often referred to as "data controller" (GDPR) and owner of referencing Data Agreements.
""Name of the policy
""Version of the policy
""Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time.
""""""""""""A generic revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing.
Aside from "successor" column, a revision should be considered locked.
""This was previously called "schema" but for technical reasons should be called "schemaName"
""The PK of the object that was serialized.
""Indicates that objectId was left blank in serializedSnapshot when calculating serializedHash. objectId may be subsequently filled in.
""Revisioned data (serialized as JSON) as a dict {objectData: {...}, schemaName: ..., objectId: ..., signedWithoutObjectId: ..., timestamp: ..., authorizedByIndividual: ..., authorizedByOther: ...}. It contains all the fields of the schema except id, successor, predessorHash and predecessorSignature.
""Hash of serializedSnapshot (SHA-1)
""Timestamp of when revisioning happened
""Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""Reference to an admin user that has created this revision
""A generic revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing.
Aside from "successor" column, a revision should be considered locked.
Tamper-resistent artifact from previous record, copied from serializedHash
""Tamper-resistent artifact from previous record (we don't know if the previous record was signed or not)
""READ - fetches the latest version of a Policy and the presented revisionId of an associated Agreement
Unique ID of an object
An object with id revisionId
A policy governs Data Agreements in the realm of an organisation that is often referred to as "data controller" (GDPR) and owner of referencing Data Agreements.
""Name of the policy
""Version of the policy
""Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time.
""""""""""""A generic revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing.
Aside from "successor" column, a revision should be considered locked.
""This was previously called "schema" but for technical reasons should be called "schemaName"
""The PK of the object that was serialized.
""Indicates that objectId was left blank in serializedSnapshot when calculating serializedHash. objectId may be subsequently filled in.
""Revisioned data (serialized as JSON) as a dict {objectData: {...}, schemaName: ..., objectId: ..., signedWithoutObjectId: ..., timestamp: ..., authorizedByIndividual: ..., authorizedByOther: ...}. It contains all the fields of the schema except id, successor, predessorHash and predecessorSignature.
""Hash of serializedSnapshot (SHA-1)
""Timestamp of when revisioning happened
""Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent records.
The unique ID of an Individual row.
""Reference to another foundational/functional ID, which is likely PII
""External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries.
""This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.
""Reference to an admin user that has created this revision
""A generic revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing.
Aside from "successor" column, a revision should be considered locked.
Tamper-resistent artifact from previous record, copied from serializedHash
""Tamper-resistent artifact from previous record (we don't know if the previous record was signed or not)
""