Consent Management#

This guide is for developers implementing consent-based data access in OpenSPP API V2 integrations.

Consent Response Headers#

API responses include consent status headers:

X-Consent-Status: active
X-Consent-Scope: individual

Header	Description
`X-Consent-Status`	`active`, `no_consent`, `expired`, `legal_basis`, `scope_mismatch`
`X-Consent-Scope`	Resource type the consent applies to (e.g., `individual`, `group`)

Response Filtering#

Consent Scopes#

Consent is granted at different levels:

Scope	Fields Included
`individual:basic`	identifier, name, active
`individual:demographic`	basic + birthDate, gender
`individual:contact`	demographic + telecom, address
`individual:full`	All fields
`individual:custom`	Administrator-defined field list

Extension Fields#

Module extensions require explicit consent:

GET /api/v2/spp/Individual/...?_extensions=farmer

If consent doesn't include the farmer extension:

{
  "resourceType": "Individual",
  "identifier": [...],
  "name": {...},
  "_consent": {
    "status": "active",
    "message": "Extension 'farmer' not included in consent scope",
    "allowedExtensions": []
  }
}

Legal Basis (No Consent Required)#

Some API clients operate under legal basis that doesn't require individual consent:

Legal Basis	Example	Consent Required
`consent`	Mobile app for beneficiaries	Yes
`legal_obligation`	Tax authority audit	No
`vital_interest`	Emergency health services	No
`public_task`	Government statistical office	No
`contract`	Payment processor	No

API clients with legal basis bypass consent checks but still respect scope restrictions.

Consent API Endpoints#

{note} Consent records are created and managed through the OpenSPP user interface, not via the API. The API provides read-only access to consent status and supports consent revocation.

Available Operations#

Operation	Endpoint	Description
Get Status	`GET /Consent/{id}`	Check consent status
Revoke	`POST /Consent/{id}/$revoke`	Revoke consent (GDPR Art 7.3)
Revoke (DELETE)	`DELETE /Consent/{id}`	Alternative revocation method
Receipt	`GET /Consent/{id}/$receipt`	Generate ISO 29184 receipt
History	`GET /Consent/{id}/$history`	View consent version history
Access Summary	`GET /Consent/{id}/$access-summary`	View data access logs

Consent Collection Methods#

When consent is created through the OpenSPP UI, the collection method is recorded:

Method	Description
`written`	Paper form with signature
`verbal`	Verbal consent (witnessed)
`electronic`	Digital signature, checkbox, etc.
`implied`	Implied by service request

Purpose Limitation#

Consent is purpose-specific. When created through the UI, administrators specify the purpose:

Purpose	Description
`service_delivery`	Delivering program benefits
`eligibility_verification`	Checking program eligibility
`analytics`	Anonymized statistics
`research`	Academic research
`audit`	Compliance audits

Best Practices#

2. Request Only What You Need#

Don't request all fields if you only need basic info:

# ✅ Good - Request only needed fields
GET /api/v2/spp/Individual/...?_elements=identifier,name

# ❌ Bad - Request everything
GET /api/v2/spp/Individual/...

3. Handle Partial Data Gracefully#

Always check if expected fields are present:

individual = fetch_individual(identifier, token, base_url)

# ✅ Good - Check before accessing
if "telecom" in individual:
    phone = individual["telecom"][0]["value"]
else:
    phone = None  # Not consented

# ❌ Bad - Assume field exists
phone = individual["telecom"][0]["value"]  # May crash

5. Document Your Purpose#

Always specify why you're accessing data:

# In your application documentation
PURPOSE = "eligibility_verification"
PURPOSE_DESCRIPTION = "Checking eligibility for farmer subsidy program"

# Include in audit logs
logger.info(f"Accessing individual {identifier} for purpose: {PURPOSE}")

Complete Example#

import requests

class ConsentAwareClient:
    """API client with consent awareness."""

    def __init__(self, client_id, client_secret, base_url):
        self.base_url = base_url
        self.client_id = client_id
        self.token = None  # Implement token management

    def get_individual_with_consent(self, identifier):
        """Fetch individual with consent checking."""
        headers = {"Authorization": f"Bearer {self.token}"}
        response = requests.get(
            f"{self.base_url}/Individual/{identifier}",
            headers=headers
        )
        response.raise_for_status()

        # Check consent status from headers
        consent_status = response.headers.get("X-Consent-Status")
        consent_scope = response.headers.get("X-Consent-Scope")

        data = response.json()

        # Add consent metadata to response
        data["_consentInfo"] = {
            "status": consent_status,
            "scope": consent_scope,
        }

        # Warn if consent issues
        if consent_status == "no_consent":
            data["_consentInfo"]["warning"] = "No consent on file. Limited data returned."
        elif consent_status == "expired":
            data["_consentInfo"]["warning"] = "Consent has expired. Limited data returned."

        return data

    def revoke_consent(self, consent_id, reason=None):
        """Revoke a consent via API."""
        headers = {
            "Authorization": f"Bearer {self.token}",
            "Content-Type": "application/json"
        }

        payload = {"reason": reason} if reason else {}

        response = requests.post(
            f"{self.base_url}/Consent/{consent_id}/$revoke",
            headers=headers,
            json=payload
        )
        response.raise_for_status()
        return response.json()

# Usage
client = ConsentAwareClient(
    client_id="ministry-of-agriculture",
    client_secret="your-secret",
    base_url="https://api.openspp.org/api/v2/spp"
)

# Fetch with consent checking
individual = client.get_individual_with_consent(
    "urn:gov:ph:psa:national-id|PH-123456789"
)

if individual["_consentInfo"]["status"] == "active":
    print(f"Full data available: {individual['name']['text']}")
elif individual["_consentInfo"]["status"] == "no_consent":
    print("Limited data. Consent must be obtained through OpenSPP UI.")

Are You Stuck?#

Getting only identifiers in responses?

This indicates no consent. Check the X-Consent-Status header. If no_consent, the registrant needs to provide consent through the OpenSPP user interface.

How do I know what fields are allowed?

Check the _consent.allowedFields array in responses with consent restrictions.

Can I bypass consent for emergencies?

If your API client has legal_basis: vital_interest, consent checks are relaxed. Contact your administrator to configure this.

Consent expired—what now?

The registrant must renew consent through the OpenSPP user interface. Contact your program administrator.

Can registrants revoke consent themselves?

Yes, through the beneficiary portal or mobile app. Your integration should handle revoked consent gracefully (you'll receive limited data).

Next Steps#

API Resources - Learn about available API resources
Search and Filtering - Advanced search capabilities
Error Handling - Error handling
Authentication - OAuth 2.0 setup

OpenSPP Documentation v2.0

Consent Management

Contents

OpenSPP Documentation v2.0

Consent Management

Contents

Consent Management#

Why Consent Matters#

How Consent Works#

Consent Response Headers#

Response Filtering#

Full Consent#

Basic Consent (Limited Fields)#

No Consent#

Consent Expired#

Consent Scopes#

Extension Fields#

Legal Basis (No Consent Required)#

Checking Consent Programmatically#

Example: Python#

Example: JavaScript#

Consent API Endpoints#

Available Operations#

Get Consent Status#

Revoke Consent#

Consent Collection Methods#

Purpose Limitation#

Handling Consent Errors#

403 Forbidden: Insufficient Consent#

Consent Scope Mismatch#