From v0 to v1

Completely re-architected the Consent backend for scalability and throughput, allowing Signatu to handle millions of events every minute.

  1. webhooks are now associcated with the user and not a OAuth application. So it is not possible to have a different set of webhooks for different OAuth applications.
  2. Common endpoint for all APIs api.signatu.com/v1/ instead of versioning each path.
  3. Vault
  4. Oauth application decoupled from vault
  5. All payloads must now be Content-Type: application/json. x-www-form-urlencoded is no longer supported.
  6. issuer is no longer required when creating Consent Events.
  7. target can be specified, but is no longer required in search.
  8. API methods missing parameters now return 400 and not 422.
  • metadata only supports a map of strings
  • token has been removed. Instead, the consent ID is now shorter and more readable.
  • target is now required in order to filter on scope. scope filter without target will be silently ignored.
  • refreshAt (optional). ISO-8601 datetime when the consent should be refreshed - e.g., 2018-11-13T20:20:39+00:00
  • type: (optional) type of consent. Can be used in combination with metadata to store other kinds of consent data. Valid values: IAB, CUSTOM.
  • Empty string values "" are treated as null.