Consent Framework REST API Reference
Use the Consent Framework REST API in your property skill or feature to view and reset the consent status for resident units. You can't provide Alexa Smart Properties (ASP) features and services that use personal health information until the resident grants permission. For more details, see Consent Framework in Alexa Smart Properties.
de-DE, en-GB, es-ES, fr-FR, and it-IT.API endpoint
The endpoint of the Consent Framework API is https://api.eu.amazonalexa.com.
Authentication
Each API request must have an authorization header whose value is the access token retrieved from Login with Amazon (LWA). For details, see Manage API Access.
Access to consent information is based on the permission scopes enabled for your skill and granted by the customer. Include the following permission scope when you request an access token.
| Permission scope | Description |
|---|---|
|
|
Allows your skill to access the consent framework. |
Operations
The Consent Framework API includes the following operations.
| Operation | HTTP method and URI |
|---|---|
|
| |
|
|
Get consent status for unit
Get the consent status for the specified unit. The status reflects whether the resident granted permission to use their personal health information.
This operation is available in the following countries.
| Healthcare | Hospitality | Senior Living | Core |
|---|---|---|---|
|
None |
None |
DE, ES, FR, IT, UK |
None |
Request
To get consent, you make a GET request to the /v2/units/{unitId}/consent resource.
Request path and header example
GET /v2/units/{unitId}/consent?consentType={consentType}
Host: api.eu.amazonalexa.com
Content-Type: application/json
Authorization: Bearer {access token}
Accept: application/json
Request path and header parameters
| Parameter | Located in | Description | Type | Required |
|---|---|---|---|---|
|
|
Path |
Identifies the unit. |
String |
Yes |
|
|
Path |
Identifies the type of consent. |
String |
Yes |
|
|
Header |
String |
Yes |
Request body example
The request has no body.
Request body properties
The request has no body.
Response
A successful response returns HTTP 200 OK, along with the consent status.
On error, the response returns the appropriate HTTP status code and includes a response body with an error code and human readable message.
Response body example
{
"consentStatus": "NO_CONSENT"
}
Response body properties
| Property | Description | Type |
|---|---|---|
|
|
Status of the specified unit for the selected |
String |
Status values
The following Consent Framework API supports the following status values.
| Status value | Description |
|---|---|
|
|
Indicates no consent is present or consent was reset. |
|
|
Indicates the user denied the consent. |
|
|
Indicates that the user revoked consent after granting it previously. |
|
|
Indicates that the user granted consent. |
HTTP status codes
| Status | Description |
|---|---|
|
|
Response body contains the consent status. |
|
|
Indicates that one or more properties in the request body aren't valid. |
|
|
Request didn't include the authorization token, or the included token expired or isn't valid. Or, you don't have access to the resource. |
|
|
Indicates that the authorization token is valid, but the requested operation isn't allowed. |
|
|
Requested resource not found. |
|
|
Permitted rate limit, specified as number of requests per unit of time, exceeded. Retry the request by using exponential back-off. |
|
|
Error occurred on the server. Retry the request by using exponential back-off. |
|
|
Server is down for maintenance, overloaded, or otherwise unavailable to handle the incoming request. |
Reset consent for unit
Reset consent for the specified unit. This operation changes the consent status to NO_CONSENT and removes any personal health information from the device.
This operation is available in the following countries.
| Healthcare | Hospitality | Senior Living | Core |
|---|---|---|---|
|
None |
None |
DE, ES, FR, IT, UK |
None |
Request
To reset consent, you make a PUT request to the /v2/units/{unitId}/consent resource.
Request path and header example
PUT /v2/units/{unitId}/consent/reset
Host: api.amazonalexa.com
Content-Type: application/json
Authorization: Bearer {access token}
Request path and header parameters
| Parameter | Located in | Description | Type | Required |
|---|---|---|---|---|
|
|
Path |
Identifies the unit. |
String |
Yes |
|
|
Header |
String |
Yes |
Request body example
{
"consentType" : "health_data"
}
Request body properties
| Property | Description | Type | Required |
|---|---|---|---|
|
|
Identifies the type of consent. |
String |
Yes |
Response
A successful response returns HTTP 200 OK.
On error, the response returns the appropriate HTTP status code and includes a response body with an error code and human readable message.
Response body example
The response has no body.
Response body properties
The response has no body.
HTTP status codes
| Status | Description |
|---|---|
|
|
Consent status reset successfully. |
|
|
Indicates that one or more properties in the request body aren't valid. |
|
|
Request didn't include the authorization token, or the included token expired or isn't valid. Or, you don't have access to the resource. |
|
|
Indicates that the authorization token is valid, but the requested operation isn't allowed. |
|
|
Requested resource not found. |
|
|
Permitted rate limit, specified as number of requests per unit of time, exceeded. Retry the request by using exponential back-off. |
|
|
Error occurred on the server. Retry the request by using exponential back-off. |
|
|
Server is down for maintenance, overloaded, or otherwise unavailable to handle the incoming request. |
Related topics
Last updated: Oct 31, 2024