The Single Consent service enables easily sharing a user's consent or rejection of cookies across different websites. This ensures a seamless user experience by remembering a user's preferences without repeatedly asking for consent.
-
Cookie Consent: When you visit a Single Consent enabled website, you may encounter a pop-up or banner asking for your consent to use cookies.
-
Unique ID: If you respond, your consent to (or refusal of) cookies is then submitted to the Single Consent service, which assigns you a randomly generated unique ID. This ID does not contain any personal information about you.
-
Central Database: Your consent data is then associated with your unique ID and stored in the central Single Consent database.
-
Javascript Client: The website receives your unique ID via the Single Consent client, a small piece of Javascript code embedded in the website.
-
Link Decoration: The client automatically appends your unique ID as a parameter to the links you click on which lead to other Single Consent enabled websites.
-
Consent Lookup: When a Single Consent enabled website receives a request with a URL containing your unique ID, it uses this ID to look up your consent data in the central database. Using this data, the website can respect your preferences and avoid asking for consent again.
-
Revoking Consent: If you change your mind and refuse (or grant) consent to use cookies, you can modify your cookie settings on the current website and it will submit the updated data to the central database, making all other Single Consent enabled websites aware of your changed preferences.
-
ID Cookie: The Single Consent client also stores your unique ID in a cookie for the current website, so that if you return to the site without clicking a link (eg via a bookmark, or typing in the URL to the address bar in your browser), your consent preferences will be remembered.
-
Audit Logging: Following the CQRS (Command Query Responsibility Segregation) pattern, whenever consent data is written to the PostgreSQL database, an event is also pushed to a BigQuery dataset. This provides a complete audit trail of all consent changes, enabling future analysis and compliance verification if needed.
- Docker and Docker Compose
# Build and start all services
make docker-build
docker compose upYou can run all the services without setup needed:
make docker-build
docker compose upEach time a file is modified in the applications, the container application will restart.
cd apps/consent-api/tests
BASE_URL=http://localhost:8000 poetry run pytest .
You can also point the integration tests at the cloud instances by specifying the URL.
API documentation is available via Swagger UI when running the service locally at: http://localhost:8000/docs
Unless stated otherwise, the codebase is released under the MIT License. This covers both the codebase and any sample code in the documentation. The documentation is © Crown copyright and availabe under the terms of the Open Government 3.0 licence.
The Single Consent service is maintained by a team at Government Digital Service. If you want to know more about the service, please email the Data Infrastructure team or get in touch with them on Slack.
Team email:
data-tools-alerts@digital.cabinet-office.gov.uk
You can also contact the maintainers of this repository via email:
- Guilhem Forey:
guilhem.forey@digital.cabinet-office.gov.uk