SocialHub.AI

Compliance & Consent API Live

Read your team's published member privacy / compliance statement and verify per-member consent over a governed v2 REST API. Your storefront, app, data warehouse or back office can fetch the current statement, walk its version history, and confirm exactly which version a member agreed to — with scoped, audited keys.

Authentication & scopes

All endpoints are on the Flash API host and authenticate with a server-side API key (Bearer). The team is always derived from the key — never sent in the request. Two read-only scopes gate access:

  • privacy:read — the statement: current version, history, and a specific version.
  • consent:read — a member's consent records (version, scopes, status, time).

# Every call uses a server-side API key (Bearer). teamId is derived from the key,
# never sent in the request. Two read scopes:
#   privacy:read  → the statement (current / history / a version)
#   consent:read  → a member's consent records
curl https://flash.socialhub.ai/api/v2/privacy/current \
  -H "Authorization: Bearer fl_live_your_key_here"

Read the statement

Published and archived versions only — drafts are never exposed, and content is sanitized (internal review markers stripped) before it leaves the API.

GET https://flash.socialhub.ai/api/v2/privacy/current          # scope: privacy:read

# 200 — the current published statement (sanitized), or { "data": null } if none published.
{
  "data": {
    "id": "pol_…",
    "version": "v3",
    "versionSeq": 3,
    "status": "published",
    "locale": "en",
    "changeType": "material",
    "changeSummary": "Updated data-retention section",
    "effectiveAt": "2026-02-01T00:00:00.000Z",
    "contentHash": "…sha256…",
    "content": { "sections": [ { "key": "intro", "title": "…", "body": "…" } ] }
  }
}

GET https://flash.socialhub.ai/api/v2/privacy/policies         # scope: privacy:read

# 200 — version history, newest first (metadata only; published & archived — never drafts).
{
  "data": [
    { "id": "pol_3", "version": "v3", "versionSeq": 3, "status": "published",
      "changeType": "material", "effectiveAt": "2026-02-01T00:00:00.000Z", "contentHash": "…" },
    { "id": "pol_2", "version": "v2", "versionSeq": 2, "status": "archived",
      "changeType": "minor", "effectiveAt": "2026-01-01T00:00:00.000Z", "contentHash": "…" }
  ],
  "total": 2
}

GET https://flash.socialhub.ai/api/v2/privacy/policies/{id}    # one version, full sanitized content (404 for a draft id)

Verify consent

Confirm exactly which statement version and scopes a member consented to. Records are append-only evidence and survive a member's deletion; the API returns what you need to verify — without the raw IP or user-agent (PII minimization).

GET https://flash.socialhub.ai/api/v2/members/{id}/consents   # scope: consent:read

# 200 — the member's consent records, newest first. The evidence to VERIFY consent:
# which statement version + scopes, the method, status and time. No raw IP / user-agent.
{
  "data": [
    {
      "id": "con_…",
      "scopes": ["privacy_policy", "marketing_email"],
      "method": "register",
      "status": "active",                 // active | legacy_unverified | withdrawn
      "policyVersion": "v3",
      "policyVersionSeq": 3,
      "policyContentHash": "…sha256…",
      "consentedAt": "2026-02-02T10:30:00.000Z"
    }
  ]
}
# A member of another team (or unknown) → 404. No consents yet → { "data": [] }.
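
One way a back office could turn these responses into a pass/fail consent check, cross-referencing a record's policyContentHash against the contentHash in the version history. This is an added example, not SocialHub.AI's own code: the sample bodies are constructed, and `verify_consent`, its reason strings, and the rules that only "active" counts and that the newest record naming a scope decides it are assumptions.

```python
# Constructed sample bodies in the shapes shown above; hash values are placeholders.
POLICIES = {"data": [
    {"id": "pol_3", "version": "v3", "versionSeq": 3, "status": "published", "contentHash": "hash-v3"},
    {"id": "pol_2", "version": "v2", "versionSeq": 2, "status": "archived", "contentHash": "hash-v2"},
], "total": 2}
CONSENTS = {"data": [  # newest first, as returned by /members/{id}/consents
    {"id": "con_2", "scopes": ["marketing_email"], "method": "register",
     "status": "withdrawn", "policyVersion": "v3", "policyVersionSeq": 3,
     "policyContentHash": "hash-v3", "consentedAt": "2026-02-05T09:00:00.000Z"},
    {"id": "con_1", "scopes": ["privacy_policy", "marketing_email"], "method": "register",
     "status": "active", "policyVersion": "v2", "policyVersionSeq": 2,
     "policyContentHash": "hash-v2", "consentedAt": "2026-01-10T10:30:00.000Z"},
]}


def verify_consent(consents, policies, scope):
    """Return (ok, reason, version) for one scope; any doubt fails closed."""
    by_seq = {p["versionSeq"]: p for p in policies["data"]}
    # Assumption: the newest record that names the scope decides its state.
    record = next((c for c in consents["data"] if scope in c["scopes"]), None)
    if record is None:
        return (False, "no_record", None)
    version = record["policyVersion"]
    # Assumption: only "active" is accepted; legacy_unverified and withdrawn fail.
    if record["status"] != "active":
        return (False, record["status"], version)
    policy = by_seq.get(record["policyVersionSeq"])
    if policy is None:
        return (False, "unknown_version", version)
    # The hashes are compared as opaque strings; the page does not say how the
    # hash is derived from the content, so it is not recomputed here.
    if record["policyContentHash"] != policy["contentHash"]:
        return (False, "hash_mismatch", version)
    # Consent is genuine; report whether it refers to the current statement.
    reason = "current" if policy["status"] == "published" else "older_version"
    return (True, reason, version)


if __name__ == "__main__":
    for s in ("privacy_policy", "marketing_email", "sms"):
        print(s, verify_consent(CONSENTS, POLICIES, s))
```

Whether an "older_version" result is enough or should trigger a re-consent prompt is a policy decision for the integrating team.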

Guarantees

Tenant-isolated

teamId comes from the API key; another team's id resolves to 404. Endpoints are rate-limited per key.

Drafts never leak

Only published / archived versions are served, sanitized — work-in-progress drafts and internal markers stay inside.

Consent bound to wording

Each record carries the version number and a content hash, so "v3" always means the same words.

Minimal by default

Consent records omit raw IP / user-agent — you get the verification evidence, not surveillance data.

Machine-readable reference: the endpoints are in the v2 OpenAPI spec at https://flash.socialhub.ai/api/v2/openapi.json (tag Privacy).