Backend — @consenti/api
The Consenti backend module records consent to a database, serves the REST API, provides an admin dashboard, and runs server-side plugins. It has zero external runtime dependencies — only Node.js 24 built-ins.
Installation
bash
npm install @consenti/apiQuick start
Add it to your existing Node.js server — consenti.router mounts all routes inside your app. No separate process or port needed.
ts
import express from 'express'
import { createConsenti } from '@consenti/api'
const app = express()
const consenti = createConsenti({
storage: { driver: 'node:sqlite', path: './consenti-data' }, // path is a directory
auth: {
mode: 'local',
adminEmail: '[email protected]',
adminPassword: process.env.CONSENTI_ADMIN_PASSWORD!,
},
dashboard: true,
})
app.use(consenti.router) // all Consenti routes now live under /consenti
app.listen(3000)What createConsenti returns
| Property | Type | Description |
|---|---|---|
handler | http.RequestListener | Plain Node.js HTTP handler — use with http.createServer or as a terminal handler |
router | Express-compatible middleware | Mount with app.use(consenti.router); calls next() for unmatched routes |
fastifyHandler | Fastify plugin | Register with fastify.register(consenti.fastifyHandler) |
honoApp | Hono app | Use with consenti.honoApp.fetch(request) for fetch-based runtimes |
ready | Promise<void> | Resolves when storage is connected, migrations run, and bootstrap admin is created |
storage | StorageAdapter | Direct access to the storage layer for custom queries |
services | service map | Programmatic access — consenti.services.profile.get(id), consenti.services.consent.submit(...), etc. |
eventBus | EventEmitter | Subscribe to lifecycle events: consent.created, profile.updated, cache:warm, etc. |
destroy() | Promise<void> | Graceful shutdown — closes DB connection and calls plugin destroy() |
Architecture
text
Request → Routes → Services → Repositories → StorageAdapter → Database
↓
Plugins (hooks fire at service layer)- Routes — validate input, call services, return HTTP responses
- Services — business logic (consent validation, versioning, expiry)
- Repositories — translate domain objects to/from the storage adapter
- StorageAdapter — the only layer that knows about the DB engine
- Plugins — lifecycle hooks fired at the service layer
Storage adapters
| Driver | Config value | Notes |
|---|---|---|
| JSON file | json | Default — zero install, dev/low-traffic only. Not suitable for production. |
| node:sqlite (built-in) | node:sqlite | Node 22.5+ built-in. Zero install. Recommended for Node 22+. |
| better-sqlite3 | better-sqlite3 or sqlite | Native addon — faster, needs build toolchain. Node 20+. |
| WASM SQLite | node-sqlite3-wasm | Pure WASM, no compilation. Node 20+. |
| PostgreSQL | postgresql | Optional peer dep: npm install pg |
| MySQL / MariaDB | mysql | Optional peer dep: npm install mysql2 |
| MongoDB | mongodb | Optional peer dep: npm install mongodb |
Sections
Installation
npm install, embed in Express/Fastify/Next.js, first-run DB setup
Configuration
Full createConsenti() options reference including s3Api, handleCache, and geo resolvers
API Routes
REST endpoints, request/response shapes
Admin Dashboard
Built-in Preact SPA — profiles, templates, consent records, RBAC
Events
EventBus reference — consent, profile, and cache lifecycle events