Consent Architecture


Signatu provides a high-performance API for registering and querying Consent Events for your website and other services. We also provide a developer SDK with a range of themable React UI components. You can also use the REST API directly in any other UI framework such as Vue and Angular, or from your mobile app.

Signatu uses OAuth 2.0 bearer tokens to authorize API requests. Depending on your security needs you may need to proxy requests from your own servers. See Security for additional details.

Consent Architecture

Getting Consent from your users is important to enable you to lawfully process personal- and other data. It also makes sense to build trustful relationships with your users - ask them first. When you use consent as the legal basis, you will require an active and valid consent (“opt-in”) form the user.

Note that the Signatu consent service can be used for “opt-out” scenarios as well, where you use another Legal basis (e.g., legitimate interest) for processing. In that case Signatu will consider the lack of action as a permission, and allow users to actively refuse.


You can register webhooks for consent events, and Signatu will notify your other systems (such as CRM) whenever we receive a new consent event.

Write-once log

You can think the Consent service as a write-once log of immutable events. Once written, Signatu do not allow you or anybody to change the event. This ensures that there will be no questions about the information in the consent event, and will ease your compliance with regulatory requirements.

Events are available for read (i.e., check the status for a customer), and Signatu provides analytics tools to help you understand trends.