Compliance & Consent API Live
Read your team's published member privacy / compliance statement and verify per-member consent over a governed v2 REST API. Your storefront, app, data warehouse or back office can fetch the current statement, walk its version history, and confirm exactly which version a member agreed to — with scoped, audited keys.
Authentication & scopes
All endpoints are on the Flash API host and authenticate with a server-side API key (Bearer). The team is always derived from the key — never sent in the request. Two read-only scopes gate access:
privacy:read — the statement: current version, history, and a specific version.
consent:read — a member's consent records (version, scopes, status, time).
# Every call uses a server-side API key (Bearer). teamId is derived from the key,
# never sent in the request. Two read scopes:
# privacy:read → the statement (current / history / a version)
# consent:read → a member's consent records
curl https://flash.socialhub.ai/api/v2/privacy/current \
  -H "Authorization: Bearer fl_live_your_key_here"

Read the statement
Published and archived versions only — drafts are never exposed, and content is sanitized (internal review markers stripped) before it leaves the API.
GET https://flash.socialhub.ai/api/v2/privacy/current # scope: privacy:read
# 200 — the current published statement (sanitized), or { "data": null } if none published.
{
  "data": {
    "id": "pol_…",
    "version": "v3",
    "versionSeq": 3,
    "status": "published",
    "locale": "en",
    "changeType": "material",
    "changeSummary": "Updated data-retention section",
    "effectiveAt": "2026-02-01T00:00:00.000Z",
    "contentHash": "…sha256…",
    "content": { "sections": [ { "key": "intro", "title": "…", "body": "…" } ] }
  }
}

GET https://flash.socialhub.ai/api/v2/privacy/policies # scope: privacy:read
# 200 — version history, newest first (metadata only; published & archived — never drafts).
{
  "data": [
    { "id": "pol_3", "version": "v3", "versionSeq": 3, "status": "published",
      "changeType": "material", "effectiveAt": "2026-02-01T00:00:00.000Z", "contentHash": "…" },
    { "id": "pol_2", "version": "v2", "versionSeq": 2, "status": "archived",
      "changeType": "minor", "effectiveAt": "2026-01-01T00:00:00.000Z", "contentHash": "…" }
  ],
  "total": 2
}

GET https://flash.socialhub.ai/api/v2/privacy/policies/{id} # one version, full sanitized content (404 for a draft id)

Verify consent
Confirm exactly which statement version and scopes a member consented to. Records are append-only evidence and survive a member's deletion; the API returns what you need to verify — without the raw IP or user-agent (PII minimization).
GET https://flash.socialhub.ai/api/v2/members/{id}/consents # scope: consent:read
# 200 — the member's consent records, newest first. The evidence to VERIFY consent:
# which statement version + scopes, the method, status and time. No raw IP / user-agent.
{
  "data": [
    {
      "id": "con_…",
      "scopes": ["privacy_policy", "marketing_email"],
      "method": "register",
      "status": "active", // active | legacy_unverified | withdrawn
      "policyVersion": "v3",
      "policyVersionSeq": 3,
      "policyContentHash": "…sha256…",
      "consentedAt": "2026-02-02T10:30:00.000Z"
    }
  ]
}
# A member of another team (or unknown) → 404. No consents yet → { "data": [] }.

Guarantees
Tenant-isolated
teamId comes from the API key; another team's id resolves to 404. Endpoints are rate-limited per key.
Drafts never leak
Only published / archived versions are served, sanitized — work-in-progress drafts and internal markers stay inside.
Consent bound to wording
Each record carries the version number and a content hash, so "v3" always means the same words.
Minimal by default
Consent records omit raw IP / user-agent — you get the verification evidence, not surveillance data.
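The version and hash binding described under "Verify consent" and "Consent bound to wording" can be checked on the caller's side as sketched here. This is an added example, not code from the Flash API or its documentation: the payloads are constructed samples shaped like the responses above, and the function name, the reason strings, and the rule that the newest record covering a scope decides are assumptions.

```python
# Added example. Payloads are constructed samples shaped like the responses above.
CURRENT = {"data": {"id": "pol_3", "version": "v3", "versionSeq": 3,
                    "status": "published", "contentHash": "aa" * 32}}

CONSENTS = {"data": [  # newest first, as the API returns them
    {"id": "con_2", "scopes": ["marketing_email"], "method": "register",
     "status": "withdrawn", "policyVersion": "v3", "policyVersionSeq": 3,
     "policyContentHash": "aa" * 32, "consentedAt": "2026-02-03T09:00:00.000Z"},
    {"id": "con_1", "scopes": ["privacy_policy", "marketing_email"],
     "method": "register", "status": "active", "policyVersion": "v3",
     "policyVersionSeq": 3, "policyContentHash": "aa" * 32,
     "consentedAt": "2026-02-02T10:30:00.000Z"},
]}


def check_consent(current, consents, scope):
    """Return (ok, reason): is `scope` consented against the current wording?

    `current` is the body of GET /privacy/current, `consents` the body of
    GET /members/{id}/consents. Reason strings are this example's own labels.
    """
    policy = current.get("data")
    if policy is None:                      # { "data": null }: nothing published
        return False, "no_published_statement"
    # Assumption: the newest record that covers the scope is authoritative.
    record = next((c for c in consents.get("data", [])
                   if scope in c.get("scopes", [])), None)
    if record is None:                      # includes the { "data": [] } case
        return False, "no_record_for_scope"
    if record["status"] != "active":        # withdrawn or legacy_unverified
        return False, record["status"]
    if record["policyVersionSeq"] != policy["versionSeq"]:
        return False, "consented_to_other_version"
    # Same version label but different hash means the wording differs.
    if record["policyContentHash"] != policy["contentHash"]:
        return False, "content_hash_mismatch"
    return True, "active_on_current_version"


if __name__ == "__main__":
    for s in ("privacy_policy", "marketing_email", "sms"):
        print(s, check_consent(CURRENT, CONSENTS, s))
```

Whether `consented_to_other_version` should block processing is a policy decision for the caller; the `changeType` field in the version history (material or minor) is the input the page provides for making it.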
Machine-readable reference: the endpoints are in the v2 OpenAPI spec at https://flash.socialhub.ai/api/v2/openapi.json (tag Privacy).