Skip to main content
Best Answer

APIs for Policy and Terms & Conditions - tracking the user_id

  • September 10, 2025
  • 10 replies
  • 187 views
KMallette
Hero II
Forum|alt.badge.img+9

Hiya... I want to use the end points for tracking acceptance of the privacy policy and termsandconditions. I know the endpoints, and understand them. But I don't see how the end point tracks the individual user_id. The result I am after is that when the user logs into the domain the first time, his agreements will already have been recorded. Registration is actually happening via API from a different platform, so I'm keen to not make them agree twice.

Here’s the body for the privacy endpoint POST /manage/v1/policy/track
{
  "policy": {
    "id": 0,
    "answer": 0,
    "sub_policies": [
      {
        "id": 0,
        "answer": 0
      }
    ]
  },
  "client_id": 0
}

Thanks for any ideas.

Best answer by John

Hey ​@KMallette!

I dug into this and also captured the HAR flow from the UI when accepting a policy as a Learner/user. Since you’re collecting registration and consent in a non-Docebo system and want to push that record into Docebo, it might be helpful to understand how this is playing out on the Docebo side. Here’s what’s happening under the hood:

  • When a learner clicks “Accept” in the wizard, the platform calls the tracking endpoints in their user context:

    • POST /manage/v1/policy/track with body like:

{
  "policy": {
    "id": 1,
    "answer": true,
    "sub_policies": [
      {"id": 2, "answer": 1}
    ]
  }
}
  • POST /manage/v1/termsandconditions/track with body like:
{ "tc": { "id": 1, "answer": true } }
  • These calls must use the learner’s own token. That’s why my HAR shows them tied to the logged-in user and not another reference in parameters or token.
     

Important: there’s no documented or supported way to “accept” a policy/T&C on behalf of another user. The system doesn’t allow a Superadmin to force-mark acceptance for someone else, since that breaks the audit trail of user consent. APIs remain usable even if policies aren’t accepted, so integrations and provisioning don’t get blocked.

 

What you can do in practice:

  1. Let the platform collect consent at login (recommended).

    • Assign policies properly, and users will be prompted the next time they sign in.

    • You can monitor acceptance status in the Privacy Policy/T&C dashboards.

  2. If you need historical consent backfilled (e.g., you’ve tracked acceptance externally and need Docebo to reflect it), open a Support ticket and let’s explore our options. We may be able to import evidence of consent, but this would be handled case-by-case.

  3. Avoid trying to script “admin acceptance” for other users.

    • It isn’t supported (AFAIK) and could create compliance issues and could conflict with aduitability requirements.

    • Instead, could you carry a User Additional Field that is hidden to the learner/user profile so the selection is known on acceptance in the 3rd party system?

If your goal is to automate a user’s own acceptance (for testing or simulation), you can replay the above POST calls with that user’s token. If the goal is to mark acceptance on behalf of a whole group, that’s not possible via API today.

KMallette, Surgical Training Institute (STI) (previously with Viasat, Inc.)

10 replies

R
Influencer I
Forum|alt.badge.img
  • RonB
  • Influencer I
  • September 10, 2025

@KMallette if you don’t need the T&Cs turn them off. Advanced Settings->Users.

 

KMallette
Hero II
Forum|alt.badge.img+9
  • KMallette
  • Author
  • Hero II
  • September 10, 2025

@RonB I need the T&Cs and the Privacy. 

KMallette, Surgical Training Institute (STI) (previously with Viasat, Inc.)
R
Influencer I
Forum|alt.badge.img
  • RonB
  • Influencer I
  • September 10, 2025

Ahh I misunderstood, I thought you were capturing the T&C acknowledgment as user joined from another system, which would have negated the need to capture it in Docebo.

M
Novice III
Forum|alt.badge.img+1
  • mstrom
  • September 11, 2025

Hi ​@KMallette that API endpoint is just to track the policy and sub policies themselves. Not user acceptance.

   

API for privacy is under Analytics /analytics/v1/dashboard/users/privacy_policies 

For terms API go under Reports /report/v1/terms_and_conditions/users

 

For non-API alternative I would suggest using the dashboard reports available under new reports to view, filter, and export data that includes by user.

KMallette
Hero II
Forum|alt.badge.img+9
  • KMallette
  • Author
  • Hero II
  • September 11, 2025

@mstrom Thank you so much for the clarification.

I do need to do this via API.  I collect registration data in a non-Docebo system, and then POST the data via API to create the Docebo user. So, I’m not looking to GET data … I need to POST data.  I need to tell Docebo that the learner has agreed (but in the other system). 


 

KMallette, Surgical Training Institute (STI) (previously with Viasat, Inc.)
John
Docebian
Forum|alt.badge.img+3
  • John
  • Docebian
  • Answer
  • September 11, 2025

Hey ​@KMallette!

I dug into this and also captured the HAR flow from the UI when accepting a policy as a Learner/user. Since you’re collecting registration and consent in a non-Docebo system and want to push that record into Docebo, it might be helpful to understand how this is playing out on the Docebo side. Here’s what’s happening under the hood:

  • When a learner clicks “Accept” in the wizard, the platform calls the tracking endpoints in their user context:

    • POST /manage/v1/policy/track with body like:

{
  "policy": {
    "id": 1,
    "answer": true,
    "sub_policies": [
      {"id": 2, "answer": 1}
    ]
  }
}
  • POST /manage/v1/termsandconditions/track with body like:
{ "tc": { "id": 1, "answer": true } }
  • These calls must use the learner’s own token. That’s why my HAR shows them tied to the logged-in user and not another reference in parameters or token.
     

Important: there’s no documented or supported way to “accept” a policy/T&C on behalf of another user. The system doesn’t allow a Superadmin to force-mark acceptance for someone else, since that breaks the audit trail of user consent. APIs remain usable even if policies aren’t accepted, so integrations and provisioning don’t get blocked.

 

What you can do in practice:

  1. Let the platform collect consent at login (recommended).

    • Assign policies properly, and users will be prompted the next time they sign in.

    • You can monitor acceptance status in the Privacy Policy/T&C dashboards.

  2. If you need historical consent backfilled (e.g., you’ve tracked acceptance externally and need Docebo to reflect it), open a Support ticket and let’s explore our options. We may be able to import evidence of consent, but this would be handled case-by-case.

  3. Avoid trying to script “admin acceptance” for other users.

    • It isn’t supported (AFAIK) and could create compliance issues and could conflict with aduitability requirements.

    • Instead, could you carry a User Additional Field that is hidden to the learner/user profile so the selection is known on acceptance in the 3rd party system?

If your goal is to automate a user’s own acceptance (for testing or simulation), you can replay the above POST calls with that user’s token. If the goal is to mark acceptance on behalf of a whole group, that’s not possible via API today.

KMallette
dwilburn
R
Helper I
  • rterakedis
  • Helper I
  • September 17, 2025

I’d like to add on that I’ve submitted a feature request for more functionality around Policies, Terms, and Newsletters:   

The fact of the matter is this:  we’re losing the audit trail because we can’t sync bi-directionally with a single source of truth.   Please feel free to add additional commentary on the feature request!

KMallette
Hero II
Forum|alt.badge.img+9
  • KMallette
  • Author
  • Hero II
  • September 17, 2025

@John John… thank you so much!  For the troubleshooting tips (I hadn’t thought to try a HAR) as well as the explanation.  Makes total sense, and I get the audit piece as well. In the end, I did decide to have the Docebo platform manage the policy tracking and removed it from my registration flow.  (FYI, the registration flow enrolls them into two needed platforms at the same time). 

Thanks again!

KMallette, Surgical Training Institute (STI) (previously with Viasat, Inc.)
John
John
Docebian
Forum|alt.badge.img+3
  • John
  • Docebian
  • September 19, 2025

Always good to hear from you, ​@KMallette! I’m glad you were able to find some peace of mind in a solution that works for you and the current process.

It seems in the end a little bit simpler of a workflow overall and you can now look at automation of new fun things!     ✅  😁👍     👏😎

John
Docebian
Forum|alt.badge.img+3
  • John
  • Docebian
  • September 19, 2025

@rterakedis - I’ll see if I can circulate the Idea you shared to stir some interest and see if we can get some feedback from Product on this. Stay tuned! 

I’ll also coordinate with your CSM and Account Team as well to ensure they are informed and can keep you up to date if news comes our way of changes in this area and what I described above in the thread.

Terms & ConditionsCookie settingsAccessibility statement