This article will outline the changes to the OpenSRS API after GDPR implementation.
Please note: GDPR implementation is ongoing and this guide is subject to change.
The OpenSRS API Guide contains a detailed description of all API calls and their responses.
New API Calls
This API call resends the consent confirmation email to the registrant of a domain.
Updated API Calls
- An updated async_reason of "is_gdpr_async" is returned for TLDs that are processed asynchronously due to GDPR compliance
- auth_info attribute is now available so that resellers can specify the authcode of the domain and bypass the transfer in FOA
- Where a TLD does not support auth code submission for transfer approval and/or still requires approval be collected, or is an asynchronous TLD/registry (ie. ccTLDs), the transfer request on submission will enter a “pending_owner” state.
- For transfers-in where an auth code is submitted, the order status will be set to “pending_registry”, unless it’s declined due to the auth code being incorrect.
- consent_status now returned to indicate whether or not the registrant has completed the consent process. Responses are:
- NONE: We have not yet requested or collected a consent choice for this product group from this data subject.
- PENDING: Consent has been requested for this product group from this data subject but a selection has not yet been made. The product group is ‘synchronous’ so our system will complete the order using placeholder contact data for the consent-based fields unless and until consent to use real data is provided. Real data is used for contract-based fields
- PENDING_ASYNC: Consent has been requested for this product group from this data subject but a selection has not yet been made. The product group is ‘asynchronous’ so our system cannot process the order unless and until consent to use real data is provided, at which time real data will be used for all contract-based fields.
- ACCEPTED_CONTRACTUAL_MINIMUM: The user (data subject) has indicated that they do not consent to any additional data use beyond that which is required by contract. Minimum information always held by OpenSRS, required by contract includes first name, last name, organization, email address and country. Specific product groups may have different requirements for contract-based and consent-based data use, which will be indicated on the Data Use Consent Settings and Data Use Information pages.
- FORCED_ALL_CONTRACTUAL: The product group only uses data based on a contract, there is no consent-based data use and so no consent is required.
- ACCEPTED_FULL: The data subject has provided full consent to use consent-based data elements; contract-based data elements are also used
- DENIED: This asynchronous product can only be ordered if the data subject consents to data use; they did not consent, so the order has been cancelled and the data is not used. Note: this option is only available for TLDs or products that are deemed to be asynchronously handled for GDPR, AND previously had a status of PENDING_ASYNC (once the pending period ends, the product moves to DENIED status).
300: Registration is pending contact agreeing to share information per GDPR.