docs.vishwaasai.in · v2.1 · March 2026

Vishwaas AI
Documentation

Everything you need to set up, configure, and operate Vishwaas AI for DPDP Act compliance.

Section 1

Getting Started

Introduction to Vishwaas AI, core concepts, and everything you need to understand before going live.

1.1 Introduction to Vishwaas AI

What is Vishwaas AI?

Platform overview and DPDP Act positioning

Key concepts

Data Fiduciary, Data Principal, Consent Ledger, Non-Repudiation

DPDP Act obligations

How Vishwaas AI addresses each provision

Platform architecture

Diagram: AWS Mumbai, EKS, PostgreSQL, Redis, Kafka

1.2 Quick Start

30 minutes

1. Log in as super_admin and create your tenant
   Set slug, domain, DPBI registration ID, is_sdf flag

2. Set up your first consent purpose
   Lawful basis, data categories, retention period, opt-in requirement

3. Publish your first privacy notice
   TipTap editor → Legal review → DPO approval → publish + version lock

4. Create your first admin user
   Invite via email → assign role → user receives OTP login link

5. Embed the cookie banner on your website
   Single <script> tag with tenant slug and API key

6. Test a data principal registration and consent flow
   Portal login → consent toggle → verify in ledger → check chain hash

1.3 Environment Setup

· Local dev (Docker Compose): Full stack with hot reload

· QA environment: trust.crossidentityqa.com

· MailHog OTP testing: Intercept OTP emails in dev

· MinIO file storage: Document testing locally

1.4 Tenant Configuration

· Tenant slug and domain: Routing and portal URL configuration

· SMTP for outbound email: MailHog (dev) / AWS SES (prod)

· Auth policy settings: OTP TTL, rate limits per email

· First tenant_manager user: Bootstrap your admin access

Section 2

Admin Portal Guide

Complete walkthrough of all 13 admin portal modules — from the compliance dashboard through to settings and API key management.

2.1

Dashboard

▸ Compliance posture score

▸ KPI cards: consent rate, DPR, breaches

▸ Time-range filters

▸ Activity feed event types

2.3

Privacy Notices

▸ TipTap rich-text editor

▸ 22-language completeness indicator

▸ Legal review + DPO approval workflow

▸ Publish = version lock + content hash

2.4

Data Principal Rights

▸ DPR queue: access, correction, erasure

▸ SLA countdowns + overdue alerts

▸ Identity verification (OTP, DigiLocker)

▸ DPBI escalation panel

▸ DPR Performance Report export

2.5

Breach Management

▸ Report a breach → starts 72-hr clock

▸ Rule 8(2) mandatory fields enforced

▸ DPBI notification editor

▸ Principal notification dispatch

▸ Breach Register export (signed PDF)

2.6

DPIA

▸ Questionnaire: all mandatory fields

▸ Likelihood × severity heatmap

▸ DPO approval workflow + certificate

▸ DPIA register filter + export

2.7

Vendor Management

▸ Onboarding + DPA upload

▸ Risk score calculation

▸ Cross-border transfer documentation

▸ Annual assessment workflow

2.8

Data Map

▸ Data asset inventory

▸ Retention policy per asset

▸ RoPA export (signed PDF)

2.9

Source Systems & Identity

▸ Register source systems (API/SFTP/CSV)

▸ Field mapping + sync scheduling

▸ Resolution rules + review queue

▸ Unified profiles + identity graph

2.10

Consent Propagation

▸ Webhook registry + HMAC secret

▸ Propagation monitor dashboard

▸ Dead-letter queue: retry + dismiss

2.11

Reports

▸ DPR Performance · Consent Analytics

▸ Breach Register · DPIA Register

▸ Vendor Risk · Training Completion

▸ Signed PDF/Excel + RFC 3161 timestamp

2.12–13

Users & Settings

▸ Invite users, assign 11 roles

▸ processor_liaison role for vendors

▸ API keys: create, scope, revoke

▸ SMTP, auth policy, notifications

Section 3

Data Principal Portal Guide

Written in plain language for non-technical audiences. This guide is designed to be shared directly with data principals.

3.1–3.2 Access & Login

▸ Your privacy rights under India's DPDP Act

▸ How passwordless login works (email OTP)

▸ First-time access and email change

3.3 Managing Your Consents

▸ View all active consents by purpose

▸ Granting and withdrawing consent (§6(5) — equally easy)

▸ What happens when you withdraw — real-time propagation

3.4 Your Rights Requests

▸ Access, correction, erasure, nomination, grievance

▸ Submitting and tracking a request

▸ Timelines: 30 days (grievance) / 90 days (all others)

▸ Escalating to the DPBI if unresolved

3.5–3.6 Notices & Cookies

▸ View current and past privacy notices

▸ Download your Consent Receipt PDF

▸ Cookie preference categories + how to change anytime

Section 4

API Integration Guide

Interactive Swagger UI

Browse all 188 endpoints, execute calls, view schemas, download OpenAPI 3.0 spec (JSON/YAML)

4.1 Authentication

▸ Requesting an OTP (admin and portal)

▸ Verifying OTP → JWT access + refresh tokens

▸ Refreshing access tokens

▸ M2M authentication via API keys

4.2 Core Concepts

▸ Response envelope: success, data, meta, errors

▸ Tenant scoping: X-Tenant-ID header

▸ Pagination: page, limit, total

▸ UUID v7 primary keys · TIMESTAMPTZ (UTC)

4.3–4.5 Consent APIs

▸ Collect, withdraw, query consent history

▸ Verify consent record integrity (hash chain)

▸ Single status: <50ms Redis-cached

▸ Batch status: 1,000 records <200ms

4.4 Webhook Integration

▸ Register a webhook endpoint

▸ Event payload schema

▸ Signature verification (X-VishwaasAI-Signature)

▸ Examples: Node.js, Python, Java, Go

4.8 Error Reference

▸ HTTP status codes used

▸ Error response format with code, message, field

▸ Common error codes and resolution

4.6 Rights & Idempotency

▸ Submit and query DPR requests via API

▸ external_ids object in webhook payloads

▸ Handling duplicate events (idempotency)

Section 6

Compliance How-To Guides

Step-by-step workflows mapped directly to DPDP Act provisions. Each guide walks you through the exact platform steps to satisfy a specific legal obligation.

| Guide | DPDP Reference |
|---|---|
| Publishing a DPDP-Compliant Notice | §5(1)–§5(4), Rule 3 |
| Collecting Non-Repudiable Consent | §6(1)–§6(7) |
| Running a 72-Hour Breach Response | §8(6), Rule 8 |
| Handling the 5 Types of Rights Requests | §§11–14, Rule 10 |
| DPIA Workflow for SDFs | §10(2)(c), Rule 7 |
| Configuring Consent Propagation | Rule 4(5) |
| Producing a DPBI Evidence Package | §23 DPBI Requests |
| Verifying Consent Chain Integrity | §8(3) Audit |

Section 7

Reference

7.1 Role Permissions

All 11 roles × 15 resource types × 6 action types — complete permission matrix

7.2 Kafka Topics

Event schemas for all 7 Kafka topics — consumer and producer contracts

7.3 Database Schema

app schema tables, audit schema, key relationships and indexes

7.4 Environment Variables

All .env keys with descriptions, defaults, and required flags

7.5 Health Endpoints

GET /health and GET /health/ready — response schemas and status values

7.6 Changelog

v2.0 → v2.1 changes · v1.x → v2.0 migration notes and breaking changes

Documentation Features

Full-text search

Across all documentation pages

Version selector

v2.1 · v2.0 · v1.x

Language switcher

English + Hindi for user-facing sections

Edit on GitHub

Open documentation sections