Track user consent

When an end user opts in or out of a consent, data about that consent is written to the user record. For example, when an end user opts in using the default marketingConsent field, we know this because their user record will contain things like:

  • consents.marketing.granted = true
  • consents.marketing.updated = 2020-04-15 19:59

Just by looking at the user record, we can tell that this user has consented to being marketed to, and they consented to this on April 15, 2020.

What if you want to know the history of consent for this user? For example, was there a period of time in the past where the user had an account, but had not consented to being marketed to? This kind of information is NOT found in the user record.

An Identity Cloud user record is meant to store the user’s current profile data; it is not meant to store a log of user actions over time.

Identity Cloud Audit Logs

If you would like to see a log of changes to the user record, you can do this in the Identity Cloud Console:

  1. Click on your application in the left column navigation
  2. Click to open MANAGE PROFILES, and click on the pertinent Entity Type (example: user)
  3. Search for the user record you want to view historical data for. For information on searching user records, see Searching for User Profiles.
  4. Click on the user record in the search results table in order to open it
  5. At the top of the user record, click the AUDIT DATA tab
  6. Select a time interval to view audit data for this user

    You can select to view audit data for the past 30, 60 or 90 days, or you can select a custom date range. You cannot view audit data that is older than 90 days.

  7. Once you’ve selected a time interval, you can choose to download a CSV file of the audit data, or you can show the audit data directly in the Console page.

In the example below, we can see the consents/marketing/granted attribute in the user record was changed from null to True on 2020-04-15, and this change was made from a system or digital property associated with the Identity Cloud client ID zfccfzzcf626t449wu5umbt6zhek2det.

For more information, see Exporting Audit Data.

What if you want a consent history log that dates back more than 90 days? Or what if you want to automate a download of consent history across all users? We’ll cover this next.

Akamai Identity Cloud provides tools you can leverage to build consent history per your business and legal requirements.

Webhooks

Webhooks are a simple yet powerful notification system which is triggered by events in your Identity Cloud database. For example, you can configure a webhook to send a notification to your listener endpoint whenever a user record is updated. The notification will contain information such as the data attribute(s) that changed, the UUID of the user record, and the Entity Type where the record resides.

So when a user opts in or out of the marketing consent, this would trigger a notification including something like the following:

"attributes": [
	"consents.marketing.granted"
],
"entityType": "user",
"sub": "6b004bc5-179c-45c2-815d-31b06169371d",

For more information on Identity Cloud webhooks, see Webhooks v3.

Entity API

For security purposes, the webhook notification will not include any actual user data. You can leverage the Identity Cloud Entity API to request the changed data. For example, you can use the information received in the example above to make a follow-up call to Identity Cloud to get the updated marketing consent data along with the user’s email address:

curl -X POST \
	https://my-registration-domain.janraincapture.com/entity \
	-H 'Authorization: Basic AUTHORIZATION CODE' \
	-H 'Content-Type: application/x-www-form-urlencoded' \
	--data-urlencode type_name=user \
	--data-urlencode uuid=6b004bc5-179c-45c2-815d-31b06169371d \
	--data-urlencode attributes='["email", "consents.marketing"]'

Response:

{
	"result": {
		"email": "janesmith@example.com",
		"consents": {
			"marketing": {
				"clientId": "zfccfzzcf626t449wu5umbt6zhek2det",
				"context": "profileUpdate",
				"granted": true,
				"type": "explicit",
				"updated": "2020-04-15 19:59:34 +0000"
			}
		}
	},
	"stat": "ok"
}

For more information on the Entity API, see /entity.

Consume and store

At this point, you can consume the information you’ve received from the Identity Cloud webhook and API and write it to a log file on your end. One great option for this is to set up and write to an Amazon S3 bucket. It is recommended that you configure your bucket with S3 Object Lock, a feature of Amazon S3 that allows you to store objects using a write once, read many (WORM) model. This protects your consent history data from being altered or deleted once it is written.
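
The webhook, Entity API and storage steps above, joined into one consumer, as an added example that is not Akamai's own code. It assumes the upload is done with boto3's `s3.put_object()`; the function names, the bucket name, the key layout and the retention period are placeholders chosen for illustration.

```python
import base64, hashlib, json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Inputs based on this page's examples (email left out: it is not requested here).
NOTIFICATION = {"attributes": ["consents.marketing.granted"], "entityType": "user",
                "sub": "6b004bc5-179c-45c2-815d-31b06169371d"}
ENTITY_RESPONSE = {"stat": "ok", "result": {"consents": {"marketing": {
    "clientId": "zfccfzzcf626t449wu5umbt6zhek2det", "context": "profileUpdate",
    "granted": True, "type": "explicit", "updated": "2020-04-15 19:59:34 +0000"}}}}

def changed_consents(notification):
    """Parent paths (e.g. consents.marketing) of the consent attributes that changed."""
    return sorted({a.rsplit(".", 1)[0] for a in notification.get("attributes", [])
                   if a.startswith("consents.") and a.count(".") >= 2})

def entity_request_body(notification):
    """Form body for the follow-up /entity call; asks only for the changed consents."""
    return urlencode({"type_name": notification["entityType"], "uuid": notification["sub"],
                      "attributes": json.dumps(changed_consents(notification))})

def consent_records(notification, response):
    """One history record per changed consent; a failed entity lookup logs nothing."""
    if response.get("stat") != "ok":
        raise ValueError("entity lookup failed; refusing to log consent state")
    records = []
    for path in changed_consents(notification):
        state = response["result"]
        for part in path.split("."):
            state = state[part]
        records.append({"uuid": notification["sub"],
                        "entityType": notification["entityType"], "consent": path, **state})
    return records

def object_lock_put_args(record, bucket, retain_days, now):
    """Keyword arguments for s3.put_object(); bucket and retention are assumptions."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(body).digest()
    # Content-addressed key: a redelivered notification maps to the same key.
    key = f"consent-history/{record['uuid']}/{record['consent']}/{digest.hex()}.json"
    return {"Bucket": bucket, "Key": key, "Body": body, "ContentType": "application/json",
            "ChecksumSHA256": base64.b64encode(digest).decode(),  # S3 checks the body
            "ObjectLockMode": "COMPLIANCE",
            "ObjectLockRetainUntilDate": now + timedelta(days=retain_days)}

if __name__ == "__main__":
    now = datetime(2020, 4, 15, 20, 0, tzinfo=timezone.utc)
    for rec in consent_records(NOTIFICATION, ENTITY_RESPONSE):
        print(object_lock_put_args(rec, "example-consent-history", 365, now)["Key"])
```

The returned dictionary is passed as `s3.put_object(**args)` against a bucket that was created with Object Lock enabled.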