Root Endpoint
This section explains how to access and insert data in Hushh, ensuring each operation aligns with user consent protocols. All endpoints in these categories require a valid session token (obtained via /sessiontoken) and, where applicable, a user’s phone number or ID.
Here’s a quick rundown of the core API categories we offer. Each section links to a dedicated page with in-depth details on endpoints, request/response formats, and usage examples.
Cards & Consents
List Installed Cards
Description: Retrieves all the “cards” (e.g., brand cards, preference cards) installed by a user.
Parameters:
phone_number(query, string, required) — Identifies the user.token(header, string, required) — Your valid session token.
POST /api/v1/list-installed-cardsRetrieve any brand or loyalty 'cards' a user has installed.
Sample Response:
{
"status_code": 200,
"data": [
{
"brand_name": "Personal Information",
"category": "Demographic Card",
"id": 131
},
{
"brand_name": "Cuisine card",
"category": "Food - Personal",
"id": 60
},
{
"brand_name": "Travel Card",
"category": "Travel Preferences",
"id": 64
},
{
"brand_name": "Chanel",
"category": "Fashion, Dress, Personal",
"id": 15
},
{
"brand_name": "Insurance Card",
"category": "Insurance",
"id": 237
},
{
"brand_name": "Hushh ID card",
"category": "Hushh ID Card",
"id": 132
}
]
}| Field | Description |
|---|---|
status_code | HTTP-like status code for the response |
data | Array of installed cards with name, category, and an internal ID |
Common Errors:
422 Validation Error: Missing or invalidphone_numberparameter.Unauthorized: Invalid or expired session token.
Request Consent
Description: When a user’s consent is required for data access (e.g., brand preferences, health info), call this endpoint to prompt the user. The user is notified about the request with details of the developer and brand.
Request Body (JSON):
{
"phone_number": "string",
"access_token": "string",
"card_name": "string",
"expiry": "string"
}| Field | Type | Description |
|---|---|---|
phone_number | string | User’s phone number for identification |
access_token | string | Additional token or identifier if needed (optional depending on flow) |
card_name | string | Name of the data scope (card) for which consent is requested |
expiry | string | Defines the timeframe or reason for which consent is being requested |
Sample Request:
POST /api/v1/request-consent
Content-Type: application/json
{
"phone_number": "+1234567890",
"access_token": "dev-access-12345",
"card_name": "Health Card",
"expiry": "3 days"
}Send a request prompting the user to grant or reject data access.
Possible Outcomes:
-
Immediate Accept/Reject (within 3 minutes):
- Response:
"Consent granted. You can access the data." - or
"Consent rejected. You cannot access the data."
- Response:
-
No Response (user does not act within 3 minutes): Response:
"Consent request sent and awaiting user acceptance. The request will remain valid for the next 24 hours. Please check again after 24 hours."
Common Errors:
422 Validation Error: Invalid JSON structure or missing fields.Unauthorized: Missing or invalid session token.User Already Granted/Replied: If the user already granted or denied this specific consent, no further action is needed.
List Consented Cards
Description:
Retrieves a list of cards for which the user has already granted consent. This helps you identify which data scopes are accessible without further consent prompts.
Parameters:
phone_number(query, string, required) — The user’s phone number.token(header, string, required) — Your valid session token.
Get a list of consented cards
Sample Request:
POST /api/v1/list-consented-cards?phone_number=+1234567890
Authorization: Bearer <token>Sample Response:
{
"status_code": 200,
"data": [
{
"card_id": 61,
"card_market": {
"brand_name": "Fashion card"
}
}
]
}| Field | Description |
|---|---|
status_code | Indicates success/failure code (200 means successful retrieval). |
data | An array of consented cards, each with a card_id and metadata. |
card_market | Object containing card details like brand_name `. |
Common Errors:
-
422 Validation Error
- Triggered if
phone_numberis missing or invalid. - Check that your request includes all required query parameters and proper formatting.
- Triggered if
-
401/403 Unauthorized/Forbidden
- Missing or invalid session token.
- Ensure you are sending
Authorization: Bearer <token>with a valid token.
-
No Consents Found
- The user may not have consented to any cards yet, resulting in an empty
dataarray.
- The user may not have consented to any cards yet, resulting in an empty
Usage Notes:
- This endpoint complements List Installed Cards but specifically returns only those cards that the user has actively consented to share.
- Use this information to determine what data you can retrieve without sending another Request Consent call.
Receipts
Get Receipt Data
Description: Retrieves a list of previously stored receipts for the specified user.
Parameters:
phone_number(query, string, required)token(header, string, required)
Get user's receipt data
Sample Request(HTTP):
POST /api/v1/health-data?phone_number=+1234567890
Authorization: Bearer <token>Sample Response:
{
"status_code": 200,
"data": [
{
"answers": [
{
"answers": [
"{\"text\":\"Mental & Emotional Well-being\",\"image\":null}",
"{\"text\":\"Physical Health\",\"image\":null}"
],
"metadata": null,
"question": "What are your top health and wellness goals?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Dancing\",\"image\":null}",
"{\"text\":\"Strength Training\",\"image\":null}"
],
"metadata": null,
"question": "What types of exercise do you enjoy?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Vegetarian\",\"image\":null}"
],
"metadata": null,
"question": "Do you have any dietary restrictions or preferences?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Health Apps\",\"image\":null}"
],
"metadata": null,
"question": "What health apps or wearables do you use?",
"audio_url": null,
"questionType": "multiSelectQuestion"
}
]
}
]
} | Field | Description |
|---|---|
status_code | Indicates success/failure code |
data | Array of objects, each containing answers and question info |
Common Errors:
-
422 Validation Error: Missing or phone_number. -
Forbidden: User consent not granted for health data. -
Empty Data: User has not yet stored any health information.
Health
Get Health Data
Description: Retrieves the user’s stored health data, which often includes question-and-answer survey responses or other custom health metrics.
Parameters:
phone_number(query, string, required)token(header, string, required)
Retrieve health data information for insights
Sample Request(HTTP)
POST /api/v1/health-data?phone_number=+1234567890
Authorization: Bearer <token>Success Response:
{
"status_code": 200,
"data": [
{
"answers": [
{
"answers": [
"{\"text\":\"Mental & Emotional Well-being\",\"image\":null}",
"{\"text\":\"Physical Health\",\"image\":null}"
],
"metadata": null,
"question": "What are your top health and wellness goals?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Dancing\",\"image\":null}",
"{\"text\":\"Strength Training\",\"image\":null}"
],
"metadata": null,
"question": "What types of exercise do you enjoy?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Vegetarian\",\"image\":null}"
],
"metadata": null,
"question": "Do you have any dietary restrictions or preferences?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Health Apps\",\"image\":null}"
],
"metadata": null,
"question": "What health apps or wearables do you use?",
"audio_url": null,
"questionType": "multiSelectQuestion"
}
]
}
]
}| Field | Description |
|---|---|
status_code | Indicates success/failure code |
data | Array of objects, each containing answers and question info |
Common Errors:
-
422 Validation Error: Missing phone_number or malformed request body. -
Forbidden: User has not granted consent for health data access/updates.
Browsing
Get Browsing Data
Retrieves previously inserted browsing records for a user, enabling analytics or personalized recommendations. Parameters:
phone_number(query, string, required)token(header, string, required)
Sample Request(HTTP)
POST /api/v1/browsing-data?phone_number=+1234567890
Authorization: Bearer <token>Get Browsing Data Endpoints
Success Response:
{
"status_code": 200,
"data": [
{
"visit_time": "2025-01-09T18:37:30+00:00",
"website_url": "amazon.in",
"product_clicks": 23,
"interest_keywords": [
{
"Interest Keywords": "Heels"
}
],
"brand": "Monrow",
"source": "Amazon",
"duration": 45
}
]
}| Field | Description |
|---|---|
visit_time | Timestamp of when the user browsed |
website_url | The domain or page visited |
product_clicks | Number of product pages clicked in that session |
interest_keywords | Potentially an array or structure of user interests |
brand | Associated brand for this browsing session |
source | Where the traffic originated (e.g., Amazon, Google, etc.) |
duration | Number of seconds spent on the site |
Common Errors:
422 Validation Error: Invalid or missing parameters.Forbidden: Lack of user consent for browsing data retrieval.
Brand Preferences
-
Get Brand Preferences Retrieves any brand-specific preferences the user has previously shared (e.g., product categories, style choices). Parameters:
-
phone_number(query, string, required) -
brand_name(query, string, required) -
token(header, string, required)
Sample Request(HTTP)
POST /api/v1/brand-preferences?phone_number=+1234567890&brand_name=Dior
Authorization: Bearer <token>Get Brand Preference Data Endpoints
Success Response:
{
"status_code": 200,
"data": [
{
"answers": [
{
"answers": [
"{\"text\":\"Lady Dior\",\"image\":null}"
],
"metadata": null,
"question": "What bag styles from Dior do you own or aspire to own?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Handbags\",\"image\":null}",
"{\"text\":\"Beauty\",\"image\":null}"
],
"metadata": null,
"question": "Which Dior product categories do you prefer?",
"audio_url": null,
"questionType": "multiSelectQuestion"
},
{
"answers": [
"{\"text\":\"Neutral\",\"image\":null}"
],
"metadata": null,
"question": "How important is staying up to date with Dior's seasonal runway shows and collections?",
"audio_url": null,
"questionType": "multiSelectQuestion"
}
]
}
]
}| Field | Description |
|---|---|
status_code | Indicates success/failure code |
data | Array of preference objects with question-and-answer details |
Common Errors:
422 Validation Error: Missing phone_number or brand_name.Forbidden: User has not consented to share brand preference data or brand name is invalid.
Fashion
Get Fashion Data
Retrieves previously inserted fashion preferences and Q&A responses for a given user. Parameters:
phone_number(query, string, required)token(header, string, required)
Sample Request (HTTP):
POST /api/v1/insert-fashion-data?phone_number=+1234567890
Authorization: Bearer <token>
Content-Type: application/jsonGet Fashion Data Endpoints
Sample Response (Example):
{
"status_code": 200,
"data": [
{
"answers": [
{
"question": "Which brands do you follow for the latest fashion trends?",
"answers": [
"{\"text\":\"Gucci\"}",
"{\"text\":\"Prada\"}"
]
},
{
"question": "Preferred styles?",
"answers": [
"{\"text\":\"Streetwear\"}",
"{\"text\":\"Formal\"}"
]
}
]
}
]
}| Field | Description |
|---|---|
status_code | Custom success/failure code. |
data | Array of objects that include user’s fashion Q&A responses or metadata. |
Common Errors:
422 Validation Error: Missing phone_number or other required parameters.Forbidden: User has not granted consent for fashion data retrieval.
Food & Insurance
Get Food Data
Retrieves any stored food-related information for the user, which may include dietary preferences, favorite cuisines, or past food survey responses. Parameters:
phone_number(query, string, required)token(header, string, required)
Sample Request (HTTP):
POST /api/v1/food-data?phone_number=+1234567890
Authorization: Bearer <token>Get Food Data Endpoints
Sample Response (Example):
{
"status_code": 200,
"data": [
{
"dietary_preferences": [
"Vegetarian",
"Gluten-Free"
],
"favorite_cuisines": [
"Italian",
"Mexican"
]
}
]
}(The exact structure may vary based on how you insert or query food data.)
Common Errors:
422 Validation Error: Missing or invalid parameters.Forbidden: The user has not consented to share food-related data.Empty Data: No food data found for this user.
Get Insurance Data
Retrieves insurance-related information for the user, such as policy details, coverage limits, or any survey answers about insurance preferences. Parameters:
phone_number(query, string, required)token(header, string, required)
Sample Request (HTTP):
POST /api/v1/insurance-data?phone_number=+1234567890
Authorization: Bearer <token>Get Root Endpoints
Sample Response (Example):
{
"status_code": 200,
"data": [
{
"policy_type": "Health Insurance",
"policy_provider": "Global Health Co.",
"coverage_amount": 50000,
"policy_expiry_date": "2025-12-31",
"premium_due": 1200
}
]
}| Field | Description |
|---|---|
policy_type | e.g., Health, Life, Travel |
policy_provider | Name of the insurance company |
coverage_amount | Coverage limit or sum assured |
policy_expiry_date | Date (YYYY-MM-DD) or timestamp indicating when policy expires |
premium_due | Cost in the specified currency (USD, etc.) |
Common Errors:
422 Validation Error: Missing phone_number.Forbidden: User has not consented to share insurance data.Not Found: User has no insurance info stored.
Root Endpoints
Description: A simple check to ensure the API is up and running. It often returns a basic message or status response indicating that the Hushh Developer API is online.
Request:
No parameters required.Success Response (200 OK):
"Welcome to Hushh Developer API."Get Root Endpoints
Consent Flow
Overview
Hushh places user consent at the heart of data sharing. Even if a user’s data exists in Hushh, your application must explicitly request user permission to access it. This ensures privacy, transparency, and compliance with regulations like GDPR.
Workflow Steps
-
Attempt Data Retrieval
- If consent has already been granted, the API will return the requested data.
- If consent is missing, you receive a message:
“You don’t have permission to access the data. Please request consent from the user.”
-
Request Consent
- Call the
POST /api/v1/request-consentendpoint to prompt the user. - The user sees your application’s details (developer info, brand name, etc.) and decides whether to accept or reject.
- Call the
-
Immediate 3-Minute Window
- Hushh keeps the request open for 3 minutes for a potential instant response:
- Consent Granted: You can immediately access the data.
- Consent Rejected: You cannot access the data.
- Hushh keeps the request open for 3 minutes for a potential instant response:
-
24-Hour Pending
- If the user does not act within the 3-minute window, the request remains pending for 24 hours.
- Your application will receive a message:
“Consent request sent and awaiting user acceptance. Please check again after 24 hours.”
-
Check Status
- After 24 hours (or anytime in between), you can check if the user finally responded.
- Once consent is granted, your subsequent data retrieval calls should succeed.
Best Practices
- Request Consent Only When Needed: Avoid overwhelming the user with multiple consent prompts.
- Provide Context: In your UI or notifications, clarify why the data is needed and how it benefits the user.
- Handle Pending Status Gracefully: If consent is pending, inform the user that data will be available once they respond to the request.
Ready to dive deeper?
- Visit the Setup & Authentication page to learn how to create your profile, generate an API key, and authenticate.
- Explore the Data Insertion & Retrieval pages for detailed endpoint documentation, example requests, and response schemas.
- Check out the Consent Flow guidelines to understand how to handle user permissions when accessing sensitive data.
- If you have any questions, contact us at info@hush1one.com.
(Exact response may vary.)
Use Cases:
- Health Check: You can ping this endpoint to confirm connectivity and service availability.
- Debugging: Quick check if you’re receiving responses from the correct environment (test vs. live).
For more details on setting up and using the API, check out the Onboarding Guide or dive into API References.