Didomi Platform API

info:
  title: Didomi API
  description: 'A REST API to communicate with the Didomi platform (<a href="https://api.didomi.io/v1/">https://api.didomi.io/v1/</a>)


    This is the complete specification of the API. A complete guide to authenticating and using the API is available on our
    <a href="https://developers.didomi.io/" target="_blank">Developers Portal</a>.


    All HTTP calls to the API require a valid JWT token. The token must be provided in an **Authorization** header with the
    value "Bearer <token>".

    Click on the Authorize button in the header of this page to provide a token before testing requests from this documentation.


    '
  version: '1.0'
components:
  securitySchemes:
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http
  schemas:
    sessions:
      type: object
      title: Session
      description: A session contains authentication information for a user or an API key
      properties:
        type:
          type: string
          description: The type of session ("api-key" or "email")
        key:
          type: string
          description: The key used for authentication (either an email address or an API key)
        access_token:
          type: string
          description: The access token to use when making API calls with this session
      required:
      - type
      - key
      - secret
    sessions-input:
      type: object
      title: SessionInput
      properties:
        type:
          type: string
          description: The type of session ("api-key" or "email")
        key:
          type: string
          description: The key to use for authentication (either an email address or an API key)
        secret:
          type: string
          description: The secret to use for authentication (either a password or an API secret)
      required:
      - type
      - key
      - secret
    keys:
      type: object
      title: APIKey
      description: An API key allows machine-to-machine authentication and authorization
      properties:
        id:
          type: string
          description: Unique ID of the API key
        name:
          type: string
          description: Name of the API key to help identify it. This could be the name of the app or team that will be using
            it, or a short description of what the key will be used for
        description:
          type: string
          description: Description of the API key
        organization_id:
          type: string
          description: ID of the organization that owns the API key
        created_at:
          type: string
          description: Creation date of the API key (ISO8601)
        enabled:
          type: boolean
          description: Status of the API key. A disabled API key cannot be used for obtaining a token. Already issued tokens
            remain valid until their expiration.
        is_internal:
          type: boolean
          description: Marks an API key as internal. These keys are managed by Didomi. Internal keys are excluded from list
            results unless explicitly requested.
    keys-input-create:
      type: object
      title: APIKeyInputCreate
      properties:
        organization_id:
          type: string
          description: ID of the organization that owns the API key
        name:
          type: string
          description: Unique name to identify this key like the app or team that will be using it, or what it will be used
            for
        description:
          type: string
          description: Description of the API key
        is_internal:
          type: boolean
          description: Marks an API key as internal. These keys are managed by Didomi. Internal keys are excluded from list
            results unless explicitly requested.
    keys-input-update:
      type: object
      title: APIKeyInputUpdate
      properties:
        name:
          type: string
          description: Unique name to identify this key like the app or team that will be using it, or what it will be used
            for
        description:
          type: string
          description: Description of the API key
        enabled:
          type: boolean
          description: Status of the API key. A disabled API key cannot be used for obtaining a token. Already issued tokens
            remain valid until their expiration.
    quotas:
      type: object
      title: Quota
      description: A quota defines some resource limits on the didomi platform by organization
      properties:
        id:
          type: string
          description: Quota ID
        created_at:
          type: string
          description: Creation date of the quota
          format: date-time
        updated_at:
          type: string
          description: Last update date of the quota
          format: date-time
        organization_id:
          type: string
          description: Identifier of the organization the quota belongs to
        exports_configs:
          type: number
          description: Limit on enabled export configs for the organization
        exports_destinations:
          type: number
          description: Limit on export destinations per export config for the organization
        scraper_enabled_properties:
          type: number
          description: Limit on enabled scraper properties for the organization
        parallel_notices_deployments:
          type: number
          description: Maximum number of notices deployments that can be run in parallel for the organization
        consent_proof_reports:
          type: number
          description: Maximum number of consent proof reports that can be generated by an organization per month
        api_requests:
          type: number
          description: Maximum number of API requests (excluding requests to the /consents/* endpoint) that can be made by
            an organization per quota period
        delivery_clouds:
          type: number
          description: Maximum number of delivery clouds per organization
        services_per_delivery_cloud:
          type: number
          description: Maximum number of services per delivery cloud
        regions_per_delivery_cloud:
          type: number
          description: Maximum number of regions per delivery cloud
        domains_per_delivery_cloud:
          type: number
          description: Maximum number of custom domains associated with a delivery cloud.
        acm_scan_max_pages_per_property:
          type: number
          description: Maximum number of pages that can be scanned during an ACM report scan.
        secrets:
          type: number
          description: Maximum number of secrets allowed to be created by an organization.
        metadata_purposes:
          type: number
          description: Maximum number of metadata purposes allowed to be created by an organization.
        metadata_partners:
          type: number
          description: Maximum number of metadata partners allowed to be created by an organization.
        version:
          type: number
          description: Revision number of the quota object
      required:
      - id
      - organization_id
    domains:
      title: Domain
      type: object
      properties:
        id:
          type: string
          description: Fully qualified domain name
        organization_id:
          type: string
          description: The ID of the organization that owns this data processing
        description:
          type: string
          description: Description of the domain name usage in your organization
        enabled:
          type: boolean
          description: Whether the domain is enabled or not. Disabling a domain triggers de-provisioning of the domain on
            the Didomi platform which might break existing notices or privacy centers if the domain is still in use. Make
            sure that the domain is not used anymore before disabling it.
        entity_id:
          type: string
          description: Which entity the domain is used by. This entity ID is currently used by PMP for the domain to properly
            redirect to the correct S3 bucket (preference-center/organization_id/entity_id/)
        type:
          type: string
          description: Type of the domain. "custom" indicates a domain owned and delegated by a client while "managed" indicates
            a domain that Didomi owns and manages like "privacy-center.org". This is automatically set when a domain is created
        status:
          type: string
          description: "Provisioning status on the Didomi platform. \n    Possible values: \n      draft (domain is created\
            \ but not deployed yet), \n      scheduled (domain is scheduled for deployment), \n      to_be_deleted (domain\
            \ is scheduled for deletion),\n      deploying (domain is being provisioned),\n      deleting (domain is being\
            \ deleted),\n      failed (domain deployment/deletion failed),\n      ready (domain is provisioned and ready for\
            \ use)"
        usage:
          type: string
          description: 'What the domain is used for: CMP ("cmp"), Privacy Center ("privacy-center"), Preference Center ("preference-center")'
        bots_crawl:
          type: string
          description: 'Controls whether bots are allowed to crawl the domain. Possible values: "allow_all" (allow crawls
            from any bots) or "disallow_all" (disallow crawls from all bots)'
          enum:
          - allow_all
          - disallow_all
        created_at:
          type: string
          description: Creation date of the domain
          format: date-time
        updated_at:
          type: string
          description: Last update date of the domain
          format: date-time
        version:
          type: number
          description: Revision number of the domain entity
    domains-input-create:
      title: DomainInputCreate
      type: object
      properties:
        id:
          type: string
          description: Fully qualified domain name
        organization_id:
          type: string
          description: The ID of the organization that owns this data processing
        description:
          type: string
          description: Description of the domain name usage in your organization
        enabled:
          type: boolean
          description: Whether the domain is enabled or not. Disabling a domain triggers de-provisioning of the domain on
            the Didomi platform which might break existing notices or privacy centers if the domain is still in use. Make
            sure that the domain is not used anymore before disabling it.
        entity_id:
          type: string
          description: Which entity the domain is used by. This entity ID is currently used by PMP for the domain to properly
            redirect to the correct S3 bucket (preference-center/organization_id/entity_id/)
        status:
          type: string
          description: "Provisioning status on the Didomi platform. \n    Possible values: \n      draft (domain is created\
            \ but not deployed yet), \n      scheduled (domain is scheduled for deployment), \n      to_be_deleted (domain\
            \ is scheduled for deletion),\n      deploying (domain is being provisioned),\n      deleting (domain is being\
            \ deleted),\n      failed (domain deployment/deletion failed),\n      ready (domain is provisioned and ready for\
            \ use)"
        usage:
          type: string
          description: 'What the domain is used for: CMP ("cmp"), Privacy Center ("privacy-center"), Preference Center ("preference-center")'
        bots_crawl:
          type: string
          description: 'Controls whether bots are allowed to crawl the domain. Possible values: "allow_all" (allow crawls
            from any bots) or "disallow_all" (disallow crawls from all bots)'
          enum:
          - allow_all
          - disallow_all
      required:
      - id
      - usage
      - organization_id
    domains-input-update:
      title: DomainInputUpdate
      type: object
      properties:
        description:
          type: string
          description: Description of the domain name usage in your organization
        enabled:
          type: boolean
          description: Whether the domain is enabled or not. Disabling a domain triggers de-provisioning of the domain on
            the Didomi platform which might break existing notices or privacy centers if the domain is still in use. Make
            sure that the domain is not used anymore before disabling it.
        entity_id:
          type: string
          description: Which entity the domain is used by. This entity ID is currently used by PMP for the domain to properly
            redirect to the correct S3 bucket (preference-center/organization_id/entity_id/)
        status:
          type: string
          description: "Provisioning status on the Didomi platform. \n    Possible values: \n      draft (domain is created\
            \ but not deployed yet), \n      scheduled (domain is scheduled for deployment), \n      to_be_deleted (domain\
            \ is scheduled for deletion),\n      deploying (domain is being provisioned),\n      deleting (domain is being\
            \ deleted),\n      failed (domain deployment/deletion failed),\n      ready (domain is provisioned and ready for\
            \ use)"
        bots_crawl:
          type: string
          description: 'Controls whether bots are allowed to crawl the domain. Possible values: "allow_all" (allow crawls
            from any bots) or "disallow_all" (disallow crawls from all bots)'
          enum:
          - allow_all
          - disallow_all
    secrets:
      type: object
      title: Secret
      description: A secret is used to authenticate API requests in unsecure environments (client-side, emails, etc.)
      properties:
        id:
          type: string
          description: Secret ID
        name:
          type: string
          description: Name of the secret
        description:
          type: string
          description: Description of the secret
        secret:
          type: string
          description: The actual secret
        organization_id:
          type: string
          description: The ID of the organization that owns this secret
        created_at:
          type: string
          description: Creation date of the secret
          format: date-time
        updated_at:
          type: string
          description: Last update date of the secret
          format: date-time
        version:
          type: number
          description: Revision number of the secret
      required:
      - id
      - name
      - organization_id
    secrets-input:
      title: SecretInput
      type: object
      properties:
        name:
          type: string
          description: Name of the secret
        description:
          type: string
          description: Description of the secret
        organization_id:
          type: string
          description: The ID of the organization that owns this secret
      required:
      - name
      - organization_id
    platform-integrations-sessions-input:
      type: object
      properties: {}
      required: []
    platform-integrations-sessions:
      type: object
      properties:
        type:
          type: string
          description: Session type (always "api-key")
          example: api-key
        key:
          type: string
          description: API key ID
        access_token:
          type: string
          description: JWT access token for API authentication
        platform_integration_id:
          type: string
          description: ID of the platform integration this token authenticates against.
      required:
      - type
      - key
      - access_token
      - platform_integration_id
    cookies:
      type: object
      title: Cookie
      description: A cookie that is set by a property when consumers visit it
      properties:
        id:
          type: string
          description: Cookie ID
        name:
          type: string
          description: Name of the cookie
        domain:
          type: string
          description: Domain that the cookie is set on
        lifetime:
          type: integer
          description: Lifetime of the cookie (in seconds)
        status:
          type: string
          description: The status of the cookie for the privacy center (draft or published)
        taxonomy_id:
          type: string
          description: The ID of the taxonomy item for classifying this cookie
        property_id:
          type: string
          description: The ID of the property that sets this cookie
        vendor_id:
          type: string
          description: The ID of the vendor that sets or uses this cookie (if any)
        created_at:
          type: string
          description: Creation date of the property
          format: date-time
        updated_at:
          type: string
          description: Last update date of the property
          format: date-time
        version:
          type: number
          description: Revision number of the property object
      required:
      - id
      - name
      - taxonomy_id
      - property_id
    cookies-input:
      title: CookieInput
      type: object
      properties:
        name:
          type: string
          description: Name of the cookie
        domain:
          type: string
          description: Domain that the cookie is set on (should be the same as the property or a sub-domain)
        lifetime:
          type: integer
          description: Lifetime of the cookie (in seconds)
        status:
          type: string
          description: The status of the cookie for the privacy center (draft or published)
        taxonomy_id:
          type: string
          description: The ID of the taxonomy item for classifying this cookie
        vendor_id:
          type: string
          description: The ID of the vendor that sets or uses this cookie (if any)
        property_id:
          type: string
          description: The ID of the property that sets this cookie
      required:
      - name
      - domain
      - taxonomy_id
      - property_id
    languages:
      title: Languages
      type: object
      properties:
        available:
          type: array
          items:
            type: string
            description: List of available locales
        default:
          type: string
          description: Fallback locale to use if the configured language is not a supported language
        defaultCountries:
          type: object
          description: Mapping of default countries if the locale does not provide it
    dashboards-urls:
      type: object
      title: dashboard
      properties:
        id:
          type: string
          description: Dashboard ID
        name:
          type: string
          description: Dashboard name
        order:
          type: number
          description: The dashboard order
        url:
          type: string
          description: Signed URL of the dashboard
        category:
          type: string
          $ref: '#/components/schemas/DashboardUrlCategory'
          description: The category of the dashboard. Used for grouping dashboard (per page for example).
        type:
          type: string
          $ref: '#/components/schemas/DashboardUrlType'
          description: Type of the dashboard
        product:
          type: string
          $ref: '#/components/schemas/DashboardUrlProduct'
          description: The product that the dashboard belongs to.
        aggregation_period:
          type: string
          $ref: '#/components/schemas/DashboardUrlAggregationPeriod'
          description: The aggregation period.
        description:
          type: string
          description: The dashboard description.
        illustration_ref:
          type: string
          description: The illustration ref url.
      required:
      - id
      - url
      - type
      - aggregation_period
      - product
    DashboardUrlCategory:
      type: string
      enum:
      - analytics
      - home
    DashboardUrlType:
      type: string
      enum:
      - cluvio
      - redash
    DashboardUrlProduct:
      type: string
      enum:
      - cmp
      - pmp
      - integration
      - acm
    DashboardUrlAggregationPeriod:
      type: string
      enum:
      - monthly
      - weekly
      - daily
      - hourly
    organizations:
      type: object
      title: Organization
      description: An organization can have multiple properties and users
      properties:
        id:
          type: string
          description: Organization ID
        name:
          type: string
          description: Name of the organization
        website:
          type: string
          format: uri
          description: Website URL of the organization
        created_at:
          type: string
          description: Creation date of the organization
          format: date-time
        updated_at:
          type: string
          description: Last update date of the organization
          format: date-time
        industry_id:
          type: string
          description: Identifier of industry that the organization belongs to
        analytics_url:
          type: string
          description: URL to a public Redash dashboard
        public_api_key:
          type: string
          description: Public API key of the organization (for consent collection on public properties)
        version:
          type: number
          description: Revision number of the organization object
        validate_purpose_id:
          type: boolean
          description: Enable or disable the validation of the purposes in the consent API
        disable_preferences_in_consents:
          type: boolean
          description: Allow or disallow the use of preferences of the consents object in the consent API
        auth_enabled:
          type: boolean
          description: Enable or disable authentication for end users
        auth_allow_user_creation:
          type: boolean
          description: Enable or disable creation of an end user on authentication if it doesn't exist
        auth_message_priority:
          type: array
          description: List the priority of message channels, from the most important to the least
          items:
            type: string
        allow_tcf_with_custom_text:
          type: boolean
          description: Whether the organization is allowed to publish consent notices without a standard approved text
        self_register:
          type: boolean
          description: Whether the organization is created by a user (true) or via Didomi's Customer Succes team (false)
        organization_group_id:
          type: string
          description: Identifier of the organization group that the organization belongs to
        organization_group_name:
          type: string
          description: Name of the organization group that the organization belongs to
          nullable: true
        iab_tcf_cmp_id:
          type: integer
          description: The IAB TCF CMP ID of the organization. If available, the ID will be added to generated TCF consent
            strings. If not available, the ID will be set to Didomi. If an ID is provided, it must be present in the IAB TCF
            CMP list (https://cmplist.consensu.org/v2/cmp-list.json).
          nullable: true
        allow_chat_support:
          type: boolean
          description: Controls wether the organization should be allowed to contact support via chat
      required:
      - id
      - name
    organizations-input:
      title: OrganizationInput
      type: object
      properties:
        name:
          type: string
          description: Unique name of the organization
        website:
          type: string
          format: uri
          description: Website URL of the organization
        industry_id:
          type: string
          description: identifier of industry that the organization belongs to
        analytics_url:
          type: string
          description: URL to a public Redash dashboard
        auth_enabled:
          type: boolean
          description: Enable or disable authentication for end users - (DEPRECATED - auth is now always enabled)
        auth_allow_user_creation:
          type: boolean
          description: Enable or disable creation of an end user on authentication if it doesn't exist
        auth_message_priority:
          type: array
          description: List the priority of message channels, from the most important to the least
          items:
            type: string
        organization_group_id:
          type: string
          description: Identifier of the organization group that the organization belongs to
        salesforce_account_id:
          type: string
          description: Identifier of the salesforce account that the organization group belongs to
      required:
      - name
    members:
      type: object
      title: Member
      description: A member of an organization
      properties:
        id:
          type: string
          description: Member ID (ie, ID of the user in the organization)
        role_id:
          type:
          - string
          - 'null'
          description: Role identifier attached to the user membership
        organization_id:
          type: string
          description: Organization ID
        user_id:
          type: string
          description: User ID
        authentication_method:
          type: string
          enum:
          - email_password
          - google
          - microsoft
          - saml_sso
        saml_active:
          type: boolean
        created_at:
          type: string
          description: Date when the user was added to the organization
          format: date-time
        updated_at:
          type: string
          description: Last update date of the member
          format: date-time
        version:
          type: number
          description: Revision number of the member record
      required:
      - id
      - organization_id
      - user_id
    members-invite-to-org-input:
      title: InvitedMemberInput
      type: object
      properties:
        name:
          type: string
          description: The invited user's name
        email:
          type: string
          description: The invited user's email
        organization_id:
          type: string
          description: Organization ID
      required:
      - name
      - email
      - organization_id
    privacy-centers:
      type: object
      title: PrivacyCenter
      description: A privacy center gives legal information to users as well as options to manage consent
      properties:
        id:
          type: string
          description: Privacy Center ID
        name:
          type: string
          description: Display name of the privacy center (usually the company or website name)
        website:
          type: string
          format: uri
          description: URL of the website linked to the privacy center
        custom_domains:
          type: array
          description: 'Sub-domains that the privacy center should be served on (without http or / ; example: privacy.domain.com)'
          items:
            type: string
        contact:
          $ref: '#/components/schemas/privacy-centers-contact'
        customization:
          $ref: '#/components/schemas/privacy-centers-customization'
        legal_name:
          type: string
          description: Full legal name of the company
        display_cookies:
          type: string
          description: How to display the cookies section in the privacy center?
          enum:
          - list
          - choices
          - none
        privacy_policy:
          type: string
          description: The privacy policy to display in the privacy center formatted with Markdown (English)
        content:
          type: object
          description: Texts of the privacy center
        languages:
          type: array
          description: Languages enabled in the privacy center (two-letter codes or two-letter language and two-letter country
            code); an empty list or a null value will enabled all available languages
          items:
            type: string
        auth_required:
          type: boolean
          description: Whether end users must be authenticated when accessing a privacy center
        organization_id:
          type: string
          description: The ID of the organization that owns this privacy center
        created_at:
          type: string
          description: Creation date of the privacy center
          format: date-time
        updated_at:
          type: string
          description: Last update date of the privacy center
          format: date-time
        version:
          type: number
          description: Revision number of the privacy center object
      required:
      - id
      - name
    privacy-centers-input:
      title: PrivacyCenterInput
      type: object
      properties:
        name:
          type: string
          description: Display name of the privacy center (usually the company or website name)
        website:
          type: string
          format: uri
          description: URL of the website linked to the privacy center
        custom_domains:
          type: array
          description: Sub-domains that the privacy center should be served on
          items:
            type: string
        contact:
          $ref: '#/components/schemas/privacy-centers-contact'
        customization:
          $ref: '#/components/schemas/privacy-centers-customization'
        legal_name:
          type: string
          description: Full legal name of the company
        display_cookies:
          type: string
          description: How to display the cookies section in the privacy center?
          enum:
          - list
          - choices
          - none
        privacy_policy:
          type: string
          description: The privacy policy to display in the privacy center formatted with Markdown (English)
        content:
          type: object
          description: Texts of the privacy center
        languages:
          type: array
          description: Languages enabled in the privacy center (two-letter codes); an empty list or a null value will enabled
            all available languages
          items:
            type: string
        auth_required:
          type: boolean
          description: Whether end users must be authenticated when accessing a privacy center
        organization_id:
          type: string
          description: The ID of the organization that owns this property
      required:
      - name
      - organization_id
    privacy-centers-contact:
      type: object
      title: Contact
      description: Contact information of the DPO or person in charge of privacy
      properties:
        email:
          type: string
          description: Email address
        schedule:
          type: string
          description: Phone number
        address:
          type: string
          description: Postal address
    privacy-centers-customization:
      type: object
      title: Customization
      description: Customization options for the privacy center
      properties:
        logo:
          type: string
          format: uri
          description: URL of the logo to display (must be HTTPS)
        colors:
          type: object
          title: Colors
          description: Colors information
          properties:
            primary:
              type: string
              description: Primary color to use in the Privacy Center theme
    vendors:
      type: object
      title: Vendor
      description: A vendor that provides services to a property
      properties:
        id:
          type: string
          description: The ID of the vendor for the property (ie different from the ID of the vendor metadata on the Didomi
            platform)
        status:
          type: string
          description: The status of the vendor for the privacy center (draft or published)
        property_id:
          type: string
          description: The ID of the property that sets this cookie
        metadata_id:
          type: string
          description: The ID of the vendor metadata
        created_at:
          type: string
          description: Creation date of the property
          format: date-time
        updated_at:
    

# --- truncated at 32 KB (379 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/didomi/refs/heads/main/openapi/didomi-platform-api-openapi.yml