Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/alphagov/consent-api

Service for sharing user consent to cookies across multiple domains
https://github.com/alphagov/consent-api

cookie-consent data-infrastructure data-infrastructure-team data-services sde

Last synced: 8 months ago
JSON representation

Service for sharing user consent to cookies across multiple domains

Awesome Lists containing this project

README 

          
# Single Consent



The Single Consent service enables easily sharing a user's consent or rejection

of cookies across different websites. This ensures a seamless user experience by

remembering a user's preferences without repeatedly asking for consent.



## How does it work?



1. **Cookie Consent**: When you visit a Single Consent enabled website, you may

   encounter a pop-up or banner asking for your consent to use cookies.



2. **Unique ID**: If you respond, your consent to (or refusal of) cookies is

   then submitted to the Single Consent service, which assigns you a randomly

   generated unique ID. This ID does not contain any personal information about

   you.



3. **Central Database**: Your consent data is then associated with your unique

   ID and stored in the central Single Consent database.



4. **Javascript Client**: The website receives your unique ID via the Single

   Consent client, a small piece of Javascript code embedded in the website.



5. **Link Decoration**: The client automatically appends your

   unique ID as a parameter to the links you click on which lead to other

   Single Consent enabled websites.



6. **Consent Lookup**: When a Single Consent enabled website receives a request

   with a URL containing your unique ID, it uses this ID to look up your consent

   data in the central database. Using this data, the website can respect your

   preferences and avoid asking for consent again.



7. **Revoking Consent**: If you change your mind and refuse (or grant) consent

   to use cookies, you can modify your cookie settings on the current website

   and it will submit the updated data to the central database, making all other

   Single Consent enabled websites aware of your changed preferences.



8. **ID Cookie**: The Single Consent client also stores your unique ID in a

   cookie for the current website, so that if you return to the site without

   clicking a link (eg via a bookmark, or typing in the URL to the address bar

   in your browser), your consent preferences will be remembered.



9. **Audit Logging**: Following the CQRS (Command Query Responsibility Segregation) pattern,

   whenever consent data is written to the PostgreSQL database, an event is also pushed

   to a BigQuery dataset. This provides a complete audit trail of all consent changes,

   enabling future analysis and compliance verification if needed.



## System Architecture



![System Architecture Diagram](docs/diagram.png)



## Quick Start



### Prerequisites

- Docker and Docker Compose



### Running Locally



```shell

# Build and start all services

make docker-build

docker compose up

```



## Installation



You can run all the services without setup needed:



```shell

make docker-build

docker compose up

```



Each time a file is modified in the applications, the container application will restart.



## Integration Tests



```

cd apps/consent-api/tests

BASE_URL=http://localhost:8000 poetry run pytest .

```



You can also point the integration tests at the cloud instances by specifying the URL.



## Documentation



- [Architecture Documentation](docs/architecture.md)

- [Development Guide](docs/development.md)

- [Client Library Documentation](client/README.md)



## API Documentation



API documentation is available via Swagger UI when running the service locally at:

http://localhost:8000/docs



## License



Unless stated otherwise, the codebase is released under the MIT License. This covers

both the codebase and any sample code in the documentation. The documentation is ©

Crown copyright and availabe under the terms of the Open Government 3.0 licence.



## Contact the team



The Single Consent service is maintained by a team at Government Digital

Service. If you want to know more about the service, please email the Data

Infrastructure team or get in touch with them on Slack.



Team email:

`data-tools-alerts@digital.cabinet-office.gov.uk`



You can also contact the maintainers of this repository via email:



- Guilhem Forey: `guilhem.forey@digital.cabinet-office.gov.uk`