DPDP: Session

Overview: Compliance API | Credits: 0 (free)

Creates or retrieves a compliance session. Sessions track state across multiple API calls for a single user journey: consent state, child flags, events emitted, obligations fulfilled, and active timers.

Parameters

action

string

required

"create" to start a new session or "get" to retrieve an existing one.

session_id

string

Required for "get". The session ID to retrieve.

config.entity_type

string

default:"data_fiduciary"

"data_fiduciary" or "significant_data_fiduciary". SDFs have additional obligations under the DPDP Act (DPIA, DPO appointment, annual reporting).

config.purpose

string

Required for "create". Primary processing purpose (e.g., "loan_advisory", "healthcare").

config.sector

string

Industry sector (e.g., "fintech", "healthcare", "ecommerce"). Influences sector-specific guidance.

config.processes_children

boolean

default:"false"

Whether children’s data may be processed. Enables S.9 checks from session start.

config.ttl_hours

integer

default:"24"

Session time-to-live in hours. Minimum 1.

Request: create

curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/session \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "action": "create",
    "config": {
      "entity_type": "data_fiduciary",
      "purpose": "loan_advisory",
      "sector": "fintech",
      "processes_children": true,
      "ttl_hours": 24
    }
  }'

Request: get

curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/session \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "action": "get",
    "session_id": "sess_abc123def456"
  }'

Response

{
  "result": {
    "session_id": "sess_abc123def456",
    "created_at": "2026-05-14T08:00:00+00:00",
    "config": {
      "entity_type": "data_fiduciary",
      "purpose": "loan_advisory",
      "sector": "fintech",
      "processes_children": true
    },
    "state": {
      "consent_status": {},
      "notice_shown": false,
      "child_session": false,
      "events_count": 0,
      "open_timers": [],
      "fulfilled_obligations": [],
      "pending_obligations": []
    }
  },
  "credits_consumed": 0
}

result.session_id

string

Unique session identifier (prefixed with sess_). Use this in subsequent /scan, /evaluate, /emit, and /require calls.

result.config

object

Session configuration as provided at creation.

result.state

object

Current compliance state. Updated automatically by events emitted via /emit.

Per-purpose consent state. Keys are purpose names, values are "active", "withdrawn", or "refused".

result.state.fulfilled_obligations

string[]

Obligations completed in this session (e.g., "notice_shown", "consent_obtained", "parental_consent_obtained").

result.state.open_timers

string[]

Active timer IDs associated with this session.

Endpoints

Agent API

Compliance API

Parameters

Request: create

Request: get

Response

Endpoints

Agent API

Compliance API

Documentation Index

​Parameters

​Request: create

​Request: get

​Response

Parameters

Request: create

Request: get

Response