This page describes how to register user data with the Consent Management API.
Data elements are registered with the Consent Management API and connected to consents using user data mappings. User data is never stored in the Consent Management API.
The user data mappings, represented as UserDataMappings
resources, include the following elements:
- A user ID that identifies the user. This ID matches the ID the application provided the Consent Management API when registering the consent.
- A data ID that identifies user data stored elsewhere, such as on Google Cloud or on-premises. The data ID can be an opaque ID, a URL, or any other identifier.
- Resource attributes, which describe the characteristics of the user data using
resource attribute values configured for the consent store using attribute
definitions. For example, the data could include the
attribute_definition_id
data_identifiable
with the value ofde-identified
.
The following diagram shows the data flow for creating user data mappings:
Registering user data mappings
To create a user data mapping, use the
projects.locations.datasets.consentStores.userDataMappings.create
method. Make a POST
request and specify the following information in the
request:
- The name of the parent consent store
- A unique and opaque
userID
that represents the user with whom the data element is associated - An identifier for the user data resource, such as the REST path to a unique resource
- A set of
RESOURCE
attributes that describe the data element - An access token
curl
The following sample shows a POST
request using curl
:
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/consent+json; charset=utf-8" \ --data "{ 'user_id': 'USER_ID', 'data_id' : 'DATA_ID', 'resource_attributes': [{ 'attribute_definition_id': 'data_identifiable', 'values': ['de-identified'] }] }" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/userDataMappings"
If the request is successful, the server returns a response similar to the following sample in JSON format:
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/userDataMappings/USER_DATA_MAPPING_ID", "dataId": "DATA_ID", "userId": "USER_ID", "resourceAttributes": [ { "attributeDefinitionId": "data_identifiable", "values": [ "de-identified" ] } ] }
PowerShell
The following sample shows a POST
request using Windows PowerShell:
$cred = gcloud auth application-default print-access-token $headers = @{ Authorization = "Bearer $cred" } Invoke-WebRequest ` -Method Post ` -Headers $headers ` -ContentType: "application/consent+json; charset=utf-8" ` -Body "{ 'user_id': 'USER_ID', 'data_id' : 'DATA_ID', 'resource_attributes': [{ 'attribute_definition_id': 'data_identifiable', 'values': ['de-identified'] }] }" ` -Uri "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/userDataMappings" | Select-Object -Expand Content
If the request is successful, the server returns a response similar to the following sample in JSON format:
{ "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/consentStores/CONSENT_STORE_ID/userDataMappings/USER_DATA_MAPPING_ID", "dataId": "DATA_ID", "userId": "USER_ID", "resourceAttributes": [ { "attributeDefinitionId": "data_identifiable", "values": [ "de-identified" ] } ] }