Hushh Developer API
Hushh Logo
Developer APIs
Additional Requirements

3. Additional Considerations

Beyond basic endpoint usage, there are a few critical aspects to keep in mind when working with Hushh Developer APIs. These considerations help ensure that your integrations remain seamless, secure, and fully compliant with global data protection standards.

3.1 Consent Flow

Overview

Hushh places user consent at the heart of data sharing. Even if a user’s data exists in Hushh, your application must explicitly request user permission to access it. This ensures privacy, transparency, and compliance with regulations like GDPR.

Workflow Steps

  1. Attempt Data Retrieval

    • If consent has already been granted, the API will return the requested data.
    • If consent is missing, you receive a message:

      "You don’t have permission to access the data. Please request consent from the user."

  2. Request Consent

    • Call the POST /api/v1/request-consent endpoint to prompt the user.
    • The user sees your application’s details (developer info, brand name, etc.) and decides whether to accept or reject.
  3. Immediate 3-Minute Window

    • Hushh keeps the request open for 3 minutes for an instant response:
      • Consent Granted: You can immediately access the data.
      • Consent Rejected: You cannot access the data.
  4. 24-Hour Pending

    • If the user does not act within the 3-minute window, the request remains pending for 24 hours.
    • Your application will receive a message:

      "Consent request sent and awaiting user acceptance. Please check again after 24 hours."

  5. Check Status

    • After 24 hours (or anytime in between), check if the user has responded.
    • Once consent is granted, subsequent data retrieval calls should succeed.

Best Practices

Request Consent Only When Needed: Avoid overwhelming the user with multiple consent prompts.
Provide Context: Clarify why the data is needed and how it benefits the user.
Handle Pending Status Gracefully: If consent is pending, inform the user that data will be available once they respond.


3.2 Security & Privacy

Data Protection

🔐 Encryption in Transit: All requests and responses with Hushh APIs occur over HTTPS (TLS/SSL) to prevent interception.
🔐 Storage Encryption: Sensitive data at rest is encrypted to mitigate unauthorized access within Hushh’s infrastructure.

Key & Token Management

🔑 API Key Security: Never expose your API key in public repositories or client-side code. Treat it as a secret.
🔑 Session Tokens: Automatically expire after a set time. Re-generate as needed to maintain secure communication.
🔑 Revocation: If your key or token is compromised, revoke and regenerate credentials promptly.

Access Control

✔️ Granular Permissions: Hushh enforces user-level permissions through explicit consent checks.
✔️ Least Privilege: Request only the data your application truly needs, reducing risk in the event of unauthorized access.


3.3 GDPR & Compliance

GDPR Commitment

Hushh is fully committed to the principles of the General Data Protection Regulation (GDPR), ensuring that personal data is:

  • Processed Lawfully, Fairly, and Transparently
  • Collected for Specified, Explicit, and Legitimate Purposes
  • Minimized to what is necessary for your application’s legitimate purpose.
  • Accurate and Up-to-Date
  • Stored Securely with strong encryption and strict access controls.
  • Retained Only as Necessary for the purposes authorized by the user.

User Rights

Under GDPR, users have the right to:

🔹 Withdraw Consent: They can revoke data sharing at any point.
🔹 Data Portability: Users can request their data in a structured, commonly used format.
🔹 Data Erasure: They can ask to have their data removed or anonymized.

Developer Responsibilities

🛡️ Transparent Usage: Clearly communicate to users how and why their data is being processed in your app.
🛡️ Honoring Requests: If users request deletion or withdrawal of consent, ensure your application stops retrieving or storing their data.
🛡️ Data Minimization: Only request data relevant to your service or product requirements.


Final Notes

✅ By following the Consent Flow, Security & Privacy, and GDPR guidelines, you ensure a safe, user-trusting environment.
✅ For compliance inquiries or security questions, reach out to info@hush1one.com.
✅ Stay updated with evolving data protection regulations, especially if your app serves multiple regions globally.

🚀 With these considerations in mind, you're now prepared to build secure, privacy-focused, and regulation-compliant solutions on top of Hushh Developer APIs!


Future of “Digital Identity” & “Personalised Experiences”

Manish Sainani, 2024

Call +14252969050

© 2024 HushOne Inc. All rights reserved.

Future of “Digital Identity” & “Personalised Experiences”

Manish Sainani, 2024

Call +14252969050

© 2023 Hush1One Inc. All rights reserved.

Duns # 119019629