Other Articles

Introduction

Configuring consent collection in Kawach involves setting up how user consent is captured, recorded, and managed across your applications. This ensures that every user decision—whether accepting, declining, or revoking consent—is securely stored and available for audit and compliance purposes.

This guide explains how to configure consent collection and how to record consent using Kawach’s API.

Step 1: Define Consent Artifacts

Before collecting consent, you need to define what users are consenting to. These are called consent artifacts.

Artifacts typically include:

• Privacy Policy
• Terms and Conditions
• Cookie Policy
• Data Processing Agreements

Each artifact should have:

• A unique identifier (e.g., privacy_policy)
• A display name
• A type (policy, terms, etc.)
• A lifecycle status (active, draft, deprecated)

Maintaining proper artifact definitions ensures that consent is always linked to the correct document and version.

Step 2: Design Consent Collection Points

Next, identify where consent will be collected in your application. Common collection points include:

• Website forms
• Sign-up or login screens
• Cookie banners
• Mobile application prompts

At each point, users should be able to clearly:

• Accept consent
• Decline consent
• Revoke consent (if previously given)

For better compliance, use explicit and opt-in mechanisms, such as unchecked checkboxes or clear “Accept” buttons.

Step 3: Integrate Kawach Consent API

Once consent collection points are set up, integrate your application with the Kawach Consents API to record user decisions.

Base URL

All API requests must use:

https://in.kawach.ai/api

Step 4: Add Authentication Headers

Every API request must include secure authentication headers:

• x-client-id: <YOUR_CLIENT_ID>
• x-client-secret: <YOUR_CLIENT_SECRET>

These headers ensure that only authorized systems can send or retrieve consent data.

Step 5: Record a Consent Event

Whenever a user takes an action (accepts, declines, or revokes consent), you must create a new consent event using the API.

Endpoint

POST /consent

Full API URL

POST https://in.kawach.ai/api/consent

Required Fields

• actor_identifier – Unique ID of the user
• artifact_identifier – Unique ID of the document
• status – given, revoked, or declined
• type – Type of consent (e.g., privacy_policy, cookie, terms)

Optional Fields (Recommended for Audit Completeness)

• artifact_name – Display name of the document
• artifact_type – Category (policy, terms, etc.)
• artifact_status – Lifecycle state (active, draft, deprecated)

Important:

Every change in user decision must be recorded as a new event. Do not update existing records. This ensures a complete audit trail.

Step 6: Retrieve Consent Records

Kawach allows you to fetch consent data for verification, reporting, or audits.

List All Consents

GET https://in.kawach.ai/api/consents

Retrieve a Specific Consent

GET https://in.kawach.ai/api/consent/:id

This helps in:

• Validating user consent
• Generating compliance reports
• Handling user data requests

Step 7: Best Practices for Consent Configuration

To ensure effective consent management:

• Use explicit, opt-in consent mechanisms
• Always include artifact details for traceability
• Record every consent change as a new event
• Secure API calls with proper authentication
• Maintain consistency across all platforms (web, mobile, backend)

Conclusion

Configuring consent collection in Kawach is a structured process that ensures user permissions are captured accurately and maintained securely. By defining consent artifacts, integrating the API, and following an event-based approach, organizations can build a reliable and auditable consent management system.

This not only helps in meeting compliance requirements but also strengthens user trust by providing transparency and control over their data.