Create new session for the data subject.

GET https://api.consentgrid.io/v1/session/{acct}/for/subject/{type}/{subjectId}?redirect=redirectURL&forceNew=false
Authorization: Bearer apiKey

Creates a new session for this data subject, with the same access rights as the token used to create the session. The returned token expires after one hour if not used. This token grants access to only some of the APIs, and only for this data subject. The caller will not be able to access records belonging to another data subject.

The redirect query parameter is a URL back to the caller application. This URL is included in the returned cookie exchange URL.

If forceNew=true and the call already has an active cookie, that session is terminated and a new session is started. Otherwise, the existing session is reused.

Session Cookies

Here's how data subject sessions work:

  • Call the createSession API from your backend:
    GET https://api.consentgrid.io/v1/session/{myAccountPath}/for/subject/user/63cb0004-544b-45bd-938c-3e1b9c07fea7?redirect=https://myapp.com/page
  • The API returns a token, and a redirection URL:
    {
      "token": "eyJhb...",
      "url": "https://api.consentgrid.io/v1/session/{myAccountPath}/feedme?token=eyJhb...&redirect=https://myapp.com/page"
    }
  • Use the contents of the url field to send an HTTP redirect to your front-end.
  • ConsentGrid™ sets a cookie for the user, and redirects back to https://myapp.com/page.
  • Use AJAX to call ConsentGrid™ APIs:
    $.ajax({
      url: "https://api.consentgrid.io/v1/...",
      // Send the ConsentGrid session cookie with this cross-origin request
      xhrFields: {
        withCredentials: true
      }
      // ... remaining settings
    });
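
The backend side of the steps above, as an added example that is not ConsentGrid's own code: it builds the createSession request with the redirect value URL-encoded and restricted to your own origin, and checks the returned cookie exchange URL before redirecting the browser to it. The function names, the allowlist and the sample values are assumptions.

```javascript
const API_ORIGIN = "https://api.consentgrid.io";
// Assumption: the only origins your application returns users to.
const ALLOWED_REDIRECT_ORIGINS = new Set(["https://myapp.com"]);

// Build the createSession request. The API key stays on the backend.
function buildCreateSessionRequest({ acct, type, subjectId, redirect, forceNew = false, apiKey }) {
  const back = new URL(redirect); // throws on a malformed URL
  if (!ALLOWED_REDIRECT_ORIGINS.has(back.origin)) {
    throw new Error("redirect origin not allowed: " + back.origin);
  }
  // Encode each path segment so a subject id cannot alter the path.
  const path = ["v1", "session", acct, "for", "subject", type, subjectId]
    .map(encodeURIComponent).join("/");
  const url = new URL("/" + path, API_ORIGIN);
  // searchParams encodes the value and joins parameters with "&".
  url.searchParams.set("redirect", back.href);
  url.searchParams.set("forceNew", String(forceNew));
  return { method: "GET", url: url.href, headers: { Authorization: "Bearer " + apiKey } };
}

// Validate the "url" field of the response before using it as the
// Location header of the redirect sent to the front-end.
function cookieExchangeLocation(responseBody) {
  const u = new URL(responseBody.url);
  if (u.origin !== API_ORIGIN) throw new Error("unexpected cookie exchange origin");
  const back = new URL(u.searchParams.get("redirect") || "");
  if (!ALLOWED_REDIRECT_ORIGINS.has(back.origin)) throw new Error("unexpected return URL");
  return u.href;
}

// Constructed sample values, for illustration only.
const sampleRequest = buildCreateSessionRequest({
  acct: "myacct", type: "user",
  subjectId: "63cb0004-544b-45bd-938c-3e1b9c07fea7",
  redirect: "https://myapp.com/page", apiKey: "CONSTRUCTED_KEY",
});
console.log(sampleRequest.method, sampleRequest.url);
```
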

Response

200 OK

{
  "token": "eyJhb...",
  "url": "https://api.consentgrid.io/v1/session/{myAccountPath}/feedme?token=eyJhb...&redirect=https://myapp.com/page"
}

400 Bad Request

Malformed request, invalid value, etc. The return value is a JSON error object containing diagnostic information.

403 Forbidden

The authenticated key does not have the privileges for this operation. The return value is a JSON error object containing diagnostic information.