digi.me consent certificate flow for demo

This page is subject to modifications and clarification changes including but not limited to examples of CA APIs signaling changes to a consent contract.

A digi.me third-party app creates a consent certificate to display to an individual who is running this third-party app.

  • In the digi.me ecosystem there is an app that allows users to look directly into their private library to see the various types of data they are syncing, e.g. medical, financial, social and so on. Because digi.me never sees, touches or holds the data, digi.me is excluded from the requirement of gaining consent from the individual.
    • There are also third-party apps using our ontology as service objects. These third-party apps use the digi.me APIs and issue Kantara-compliant consent receipts, known as consent certificates (a contract).
    • The receipt is shown in the user's digi.me management console along with those of other third-party apps.
    • When an individual takes an action on a receipt from the digi.me management console, the third-party app receives the signal and is contractually required to act upon the request. Currently, the APIs support stopping sharing, revoking sharing, and the right to erasure of the information/data shared.
    • Here is an example of the certificate and the user journey, where SAND, a third-party app, is launched and a request to share data has already been given.


  • Here is the link to the developer site: https://developers.digi.me
  • At the highest level, Consent Access (CA) is an API from digi.me that enables you to ask a user for consent to access some of their data. You do this by proposing a contract with the user that spells out what type of data you want, what you will and won't do with it, how long you will retain it and whether you will implement the right to be forgotten.
    1. Register one or more CA contracts with digi.me and specify a PUBLIC_KEY with which digi.me can encrypt user data for your app
    2. Initiate CA by calling the digi.me app with your app_id and contract_id
    3. The digi.me app will fetch the contract, present it to the user and ask for consent
    4. If the user accepts the contract, two things happen:
      - The CA API starts preparing user data for your app according to what was specified in the contract
      - The CA API will return a session_id to your app
    5. Using your app_id and session_id, you will query the API for available data (contained in files)
    6. For each available file, you will:
      - Fetch the file
      - Decrypt it using your PRIVATE_KEY


  • Digi.me Consent Access (CA) Flow  - 01 Top Level
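
The six CA steps listed above, as an offline simulation. This is an added example, not code from digi.me or its SDK: `MockCA` and its method names, the ids, the sample file, the RSA-OAEP plus AES-256-GCM envelope and the binding of a session to its app_id are all assumptions made for illustration.

```javascript
// Added example. MockCA, its methods and the RSA-OAEP + AES-256-GCM envelope are assumptions.
const nodeCrypto = require('crypto');
const OAEP = { oaepHash: 'sha256', padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING };
// Service side: a fresh AES key per file, wrapped with the app's PUBLIC_KEY.
function seal(publicKey, plaintext) {
  const key = nodeCrypto.randomBytes(32), iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([c.update(plaintext), c.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, tag: c.getAuthTag(), data };
}
// Step 6, app side: unwrap with PRIVATE_KEY; final() throws if the file was altered.
function unseal(privateKey, { wrappedKey, iv, tag, data }) {
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(data), d.final()]).toString();
}
class MockCA {
  constructor() { this.contracts = new Map(); this.sessions = new Map(); }
  // Step 1: the app registers a contract together with its PUBLIC_KEY.
  registerContract(appId, contractId, publicKey) { this.contracts.set(`${appId}/${contractId}`, publicKey); }
  // Steps 2-4: look up the contract, record the user's decision, prepare the data.
  requestConsent(appId, contractId, userAccepts, userFiles) {
    const publicKey = this.contracts.get(`${appId}/${contractId}`);
    if (!publicKey) throw new Error('unknown contract');
    if (!userAccepts) return null; // no consent: no session and no data
    const sessionId = nodeCrypto.randomBytes(16).toString('hex');
    const files = new Map(Object.entries(userFiles).map(
      ([name, text]) => [name, seal(publicKey, Buffer.from(text))]));
    this.sessions.set(sessionId, { appId, files });
    return sessionId;
  }
  // Steps 5-6: a session_id is honoured only for the app_id it was issued to (assumed).
  files(appId, sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s || s.appId !== appId) throw new Error('invalid session');
    return s.files;
  }
}
// Walks steps 1-6 for one app; returns the decrypted files, or null if consent is refused.
function runFlow(userAccepts) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ca = new MockCA();
  ca.registerContract('app-1', 'contract-1', publicKey);
  const sessionId = ca.requestConsent('app-1', 'contract-1', userAccepts,
    { 'file-1.json': '{"type":"social","posts":3}' }); // constructed sample data
  if (sessionId === null) return null;
  return [...ca.files('app-1', sessionId).values()].map((f) => unseal(privateKey, f));
}
```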