API-first eConsent · 21 CFR Part 11-compliant signatures

Embed eConsent into your clinical stack with a few REST calls.

Consentara is the API-first consent platform for sponsors, CROs and clinical SaaS teams. Trigger consent ceremonies from your EDC or CTMS, run signatures that meet 21 CFR Part 11, and attribute every machine action back to the person who authorised it, without operating a separate portal.

21 CFR Part 11-compliant e-signatures · 103 controls mapped · EU Annex 11 to EudraLex Volume 4 · EU General Data Protection Regulation · 25-year default audit retention (configurable per tenant)

103 · 21 CFR Part 11 signature controls
84 · REST endpoints
25yr · Default audit retention
99.9% · Uptime SLA target
The integration tax

eConsent shouldn’t be another portal your team logs into.

Clinical software is converging. EDC, CTMS and eTMF are becoming integration hubs, but most eConsent vendors still ship browser-first, person-led workflows that force manual steps, duplicate data, and create compliance gaps between systems.

01 · The cost

Swivel-chair workflows

Staff log into a separate consent portal to trigger a signature your trial management system already knows needs to happen. Every context switch is a place an error can hide.

02 · The risk

Unattributed automation

When scripts or jobs sign on behalf of users, audit trails record a shared service account, not the authorising investigator. That’s a 21 CFR Part 11 §11.10(e) signature-attribution finding waiting to happen.

03 · The ceiling

No room to scale

Re-consent at protocol amendment, cross-jurisdiction transfers, white-label UIs: every workflow beyond the vendor’s portal is a custom project. You can’t embed what isn’t an API.

The Consentara model

Consent as a service you call, not a portal you maintain.

Portal-first eConsent

  • Staff context-switch into a separate vendor UI
  • Shared service accounts sign on behalf of real people, with no trace back to who authorised the action
  • Audit trail lives in the vendor, disconnected from your EDC
  • Protocol-amendment re-consent is a manual campaign
  • Participant UI is locked to the vendor’s branding and workflow
  • Integration is a roadmap item, quarter after quarter

API-first Consentara

  • Your EDC/CTMS triggers consent; no new UI for staff
  • Every machine action attributed back to the person who authorised it, via short-lived, single-use tokens
  • Webhooks + cursor-paginated REST keep records in sync with your eTMF
  • Re-consent fires automatically on amendment or jurisdiction change
  • Fork the open-source participant UI; white-label it, own the experience
  • Ship to pilot in weeks, not quarters: OpenAPI 3.1 spec and idempotency built in

How it works

From integration key to audit-ready signature in five calls.

Every step is a REST endpoint. Every event is attributable to a named person. Every signature is anchored to an immutable chain.

1

Mint a service account

Scoped to your tenant. One API surface per integration.

2

Issue an API key

csk_ prefix for secret-scanning. Argon2id-hashed.

3

Authorise from a person

User call returns a short-lived, single-use token.

4

Machine executes

Token bound into the signature’s cryptographic hash.

5

Audit resolves to a named person

Principal, key, and authorising user on every event.
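The five steps above, modelled end to end as an added example. This is illustration code written for this page, not Consentara's implementation or its API: the audit field names (principal_type, service_account_id, api_key_id, on_behalf_of_user_id) come from the page, while the token lifetime, the tok_ prefix, the hashed payload layout and the in-memory service are assumptions. It shows the three properties the page claims for the token (short-lived, resource-scoped, single-use) being enforced, and how a machine-executed record still resolves to the person who authorised it.

```python
import hashlib
import json
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 300  # assumed lifetime of a person-issued authorisation token


@dataclass
class AuthToken:
    token_id: str
    user_id: str      # the named person who authorised (step 3)
    session_id: str   # the single consent session the token may act on
    issued_at: float
    used: bool = False


def canonical_hash(payload: dict) -> str:
    """SHA-256 over canonical JSON, so any party recomputes the same digest."""
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


class ConsentService:
    """In-memory stand-in for one tenant's service; the service account and API key
    from steps 1 and 2 are its machine identity."""

    def __init__(self, tenant_id, service_account_id, api_key_id, clock=time.time):
        self.tenant_id, self.service_account_id, self.api_key_id = tenant_id, service_account_id, api_key_id
        self.clock = clock
        self.tokens: dict[str, AuthToken] = {}
        self.audit: list[dict] = []

    def authorise(self, user_id: str, session_id: str) -> str:
        """Step 3: a person authorises exactly one action on one session."""
        token = AuthToken("tok_" + secrets.token_hex(16), user_id, session_id, self.clock())
        self.tokens[token.token_id] = token
        self.audit.append({"event": "consent.authorised", "principal_type": "user",
                           "user_id": user_id, "session_id": session_id, "token_id": token.token_id})
        return token.token_id

    def sign(self, token_id: str, session_id: str, document_sha256: str) -> dict:
        """Step 4: the machine executes under the token; the token is consumed and
        its id is part of the hashed signature payload."""
        token = self.tokens.get(token_id)
        if token is None:
            raise PermissionError("unknown token")
        if token.used:
            raise PermissionError("token already used")               # single-use
        if token.session_id != session_id:
            raise PermissionError("token scoped to another session")  # resource-scoped
        if self.clock() - token.issued_at > TOKEN_TTL_SECONDS:
            raise PermissionError("token expired")                    # short-lived
        token.used = True
        signed = {"tenant_id": self.tenant_id, "session_id": session_id,
                  "document_sha256": document_sha256, "token_id": token_id,
                  "on_behalf_of_user_id": token.user_id,
                  "service_account_id": self.service_account_id,
                  "api_key_id": self.api_key_id, "signed_at": self.clock()}
        record = {"event": "consent.signed", "principal_type": "service_account",
                  **signed, "signature_hash": canonical_hash(signed)}
        self.audit.append(record)
        return record


SIGNED_FIELDS = ("tenant_id", "session_id", "document_sha256", "token_id", "on_behalf_of_user_id",
                 "service_account_id", "api_key_id", "signed_at")


def verify_signature(record: dict) -> bool:
    """Recompute the hash from the attributed fields; any edit to them breaks it."""
    return canonical_hash({k: record[k] for k in SIGNED_FIELDS}) == record["signature_hash"]


def resolve_signer(record: dict) -> str:
    """Step 5: a machine-executed record still resolves to the authorising person."""
    return record["on_behalf_of_user_id"] if record["principal_type"] == "service_account" else record["user_id"]


def demo() -> dict:
    """Run the flow against a controllable clock and report the outcomes."""
    now = [1_700_000_000.0]
    svc = ConsentService("tenant_acme", "sa_edc_bridge", "key_01", clock=lambda: now[0])
    doc = hashlib.sha256(b"ICF v3.1 - constructed document").hexdigest()
    token = svc.authorise("usr_inv_042", "sess_1001")
    record = svc.sign(token, "sess_1001", doc)
    out = {"signer": resolve_signer(record), "verified": verify_signature(record)}
    try:
        svc.sign(token, "sess_1001", doc)           # replaying a consumed token
        out["replay_rejected"] = False
    except PermissionError:
        out["replay_rejected"] = True
    stale = svc.authorise("usr_inv_042", "sess_1002")
    now[0] += TOKEN_TTL_SECONDS + 1                 # let the new token expire
    try:
        svc.sign(stale, "sess_1002", doc)
        out["expiry_enforced"] = False
    except PermissionError:
        out["expiry_enforced"] = True
    record["on_behalf_of_user_id"] = "usr_other"    # re-attributing after the fact
    out["tamper_detected"] = not verify_signature(record)
    return out


if __name__ == "__main__":
    print(demo())
```

The point a reviewer should take from `sign()` is that the checks run before the token is consumed and the token id is hashed with the attribution fields: a service account that holds a valid API key but no person-issued token cannot produce a record at all, and a record whose on_behalf_of_user_id has been altered no longer verifies.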

Consent workflows

Every consent type your protocol needs, one API.

Standard adult consent, protocol-amendment re‑consent, Legally Authorised Representative, witnessed, and paediatric assent, all served by the same endpoints, all landing in the same Part 11 audit trail.

Standard

Adult informed consent

Participant reads, comprehends, signs. The baseline ceremony, with comprehension tracking and multi-language content out of the box.

Re-consent

Protocol amendments

Your amendment workflow flags affected sessions via API; Consentara runs the re-consent ceremony and updates the audit chain. No manual portal steps.

LAR

Legally Authorised Representative

For participants who cannot consent for themselves. LAR identity, relationship, and authority captured and attributed on every downstream action.

Witnessed

Witnessed consent

Independent witness attestation captured in the same ceremony, required for impaired-capacity, emergency, and certain vulnerable-population studies.

Assent

Paediatric assent

Age-appropriate assent paired with parent/guardian consent. Both records linked, both attributable, both retained on the 25-year audit chain.

Shared across every workflow: Comprehension tracking · Multi-language content · Same audit chain & retention · Same REST surface

Platform capabilities

Production primitives for regulated integrations.

The things your compliance team asks for, and the things your engineers wish every SaaS API shipped with.

§11.10(e)

Every action traced to a named person

Every audit record carries principal_type, service_account_id, api_key_id and on_behalf_of_user_id. No machine action is unattributed.

§11.70

Delegated signatures

A person authorises; the machine executes inside a short-lived, resource-scoped, single-use token. The token ID is baked into the signature hash.

§11.10(d)

Blockchain-anchored audit

Append-only SHA-256 + SHA3-256 dual-hashed chain, anchored to Ethereum mainnet via an AWS KMS HSM. Independently verifiable on Etherscan.

REST

Idempotency built in

Idempotency-Key required on all mutations, with per-tenant deduplication. Safe to retry any request and get the original response.
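What "per-tenant deduplication" and "get the original response" have to mean on the server side, as an added example. This is not Consentara's implementation; the 400 for a missing key and the 422 for a key reused with a different body are assumed status codes, and the session handler is a stand-in for the real mutation.

```python
import hashlib
import json


def fingerprint(body: dict) -> str:
    """Canonical hash of the request body, used to catch a key reused with a different payload."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class IdempotentMutation:
    """Wraps one mutating endpoint with an Idempotency-Key store scoped per tenant."""

    def __init__(self, handler):
        self.handler = handler                        # the real side effect
        self._seen: dict = {}                         # (tenant_id, key) -> (body fingerprint, response)

    def call(self, tenant_id: str, headers: dict, body: dict) -> dict:
        key = headers.get("Idempotency-Key")
        if not key:
            return {"status": 400, "error": "Idempotency-Key header required"}
        scope = (tenant_id, key)                      # tenants never share or replay each other's keys
        fp = fingerprint(body)
        if scope in self._seen:
            stored_fp, response = self._seen[scope]
            if stored_fp != fp:
                return {"status": 422, "error": "Idempotency-Key reused with a different payload"}
            return {**response, "replayed": True}     # original response; handler is not run again
        response = self.handler(tenant_id, body)
        self._seen[scope] = (fp, response)
        return response


class SessionStore:
    """Stand-in for the real 'open consent session' side effect."""

    def __init__(self):
        self.created: list = []

    def create_session(self, tenant_id: str, body: dict) -> dict:
        session_id = f"sess_{len(self.created) + 1:04d}"
        self.created.append((tenant_id, session_id))
        return {"status": 201, "session_id": session_id, "participant_ref": body["participant_ref"]}


def demo() -> dict:
    store = SessionStore()
    api = IdempotentMutation(store.create_session)
    headers = {"Idempotency-Key": "open-session-7f3a"}
    body = {"participant_ref": "P-0042", "icf_version": "3.1"}    # constructed request
    first = api.call("tenant_a", headers, body)
    retry = api.call("tenant_a", headers, body)                    # client timed out and resent
    other_tenant = api.call("tenant_b", headers, body)              # same key, different tenant
    changed = api.call("tenant_a", headers, {**body, "icf_version": "3.2"})
    missing = api.call("tenant_a", {}, body)
    return {"first": first["session_id"], "retry": retry["session_id"],
            "retry_replayed": retry.get("replayed", False),
            "other_tenant": other_tenant["session_id"], "changed_status": changed["status"],
            "missing_status": missing["status"], "sessions_created": len(store.created)}
```

A production store also needs a lock or a unique-constraint insert on (tenant, key) so two concurrent deliveries of the same request cannot both reach the handler before either has recorded its response.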

REST

Cursor pagination

Every list endpoint uses cursor-based pagination. No offset drift on long-running, resumable traversals through large audit sets.
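Why a cursor does not drift where an offset does, shown as an added example on a newest-first audit listing that receives a new event while a client is between pages. This is illustration code, not Consentara's; the cursor encoding (base64 of the keyset position) and the in-memory table are assumptions.

```python
import base64
import json


def encode_cursor(row: dict) -> str:
    """Opaque cursor carrying the keyset position (created_at, id) of the last row seen."""
    return base64.urlsafe_b64encode(json.dumps([row["created_at"], row["id"]]).encode()).decode()


def decode_cursor(cursor: str) -> tuple:
    return tuple(json.loads(base64.urlsafe_b64decode(cursor.encode())))


class AuditTable:
    """Append-only table listed newest-first, the usual shape of an audit view."""

    def __init__(self):
        self.rows: list = []

    def insert(self, created_at: int, event: str) -> dict:
        row = {"id": len(self.rows) + 1, "created_at": created_at, "event": event}
        self.rows.append(row)
        return row

    def _ordered(self) -> list:
        return sorted(self.rows, key=lambda r: (r["created_at"], r["id"]), reverse=True)

    def page_by_cursor(self, limit: int, cursor=None):
        """Keyset page: rows strictly older than the cursor position, whatever was inserted since."""
        rows = self._ordered()
        if cursor:
            before = decode_cursor(cursor)
            rows = [r for r in rows if (r["created_at"], r["id"]) < before]
        items = rows[:limit]
        next_cursor = encode_cursor(items[-1]) if len(rows) > limit else None
        return items, next_cursor

    def page_by_offset(self, limit: int, offset: int) -> list:
        """Offset page, for contrast: its position is relative to whatever the table holds now."""
        return self._ordered()[offset:offset + limit]


def demo() -> dict:
    table = AuditTable()
    for t in range(1, 6):
        table.insert(created_at=1_700_000_000 + t, event="consent.signed")   # constructed rows
    cursor_page1, cursor = table.page_by_cursor(2)
    offset_page1 = table.page_by_offset(2, 0)
    table.insert(created_at=1_700_000_010, event="consent.withdrawn")         # lands mid-traversal
    cursor_page2, _ = table.page_by_cursor(2, cursor)
    offset_page2 = table.page_by_offset(2, 2)
    return {"cursor_ids": [r["id"] for r in cursor_page1 + cursor_page2],
            "offset_ids": [r["id"] for r in offset_page1 + offset_page2]}
```

The offset traversal returns row 4 twice because the new row pushed every older row down one position; the cursor traversal continues from the last key it saw and never repeats or skips a row, which is what makes a long audit export resumable.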

OpenAPI

Versioning you can trust

Semantic versioning with CI-enforced breaking-change detection. Deprecation and Sunset headers. 12-month deprecation window.

Multi-tenant

Four-layer tenant isolation

PostgreSQL schema-per-tenant, Row Level Security, Rust compile-time enforcement, and separated audit trail. Clean offboarding, guaranteed.

Events

HMAC-signed webhooks

HMAC-SHA256 authenticated outbound events for the consent lifecycle. Exponential-backoff retry. Wire your eTMF up once, forget about it.
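The consumer side of an HMAC-SHA256-signed webhook, as an added example: verify the MAC in constant time, reject deliveries outside a replay window, and de-duplicate by event id because a sender that retries with exponential backoff delivers at least once. This is not Consentara's code; the header names, the `<timestamp>.<body>` signing string, the replay window and the event layout are assumptions, so check them against the real webhook documentation before use.

```python
import hashlib
import hmac
import json
import time

SIG_HEADER = "X-Consentara-Signature"    # assumed header name
TS_HEADER = "X-Consentara-Timestamp"     # assumed header name
TOLERANCE_SECONDS = 300                  # assumed replay window


def compute_signature(secret: bytes, timestamp: str, body: bytes) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>'; binding the timestamp stops old captures being replayed."""
    return "sha256=" + hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes, now=time.time) -> bool:
    ts, sig = headers.get(TS_HEADER), headers.get(SIG_HEADER)
    if not ts or not sig or not ts.isdigit():
        return False
    if abs(now() - int(ts)) > TOLERANCE_SECONDS:
        return False
    return hmac.compare_digest(compute_signature(secret, ts, body), sig)   # constant-time compare


class WebhookConsumer:
    """Verifies each delivery and de-duplicates by event id, because retries mean at-least-once."""

    def __init__(self, secret: bytes, now=time.time):
        self.secret, self.now = secret, now
        self.seen: set = set()
        self.applied: list = []

    def receive(self, headers: dict, body: bytes) -> int:
        if not verify_webhook(self.secret, headers, body, self.now):
            return 401
        event = json.loads(body)              # parse only after the MAC has been checked
        if event["id"] in self.seen:
            return 200                        # already applied: acknowledge so the sender stops retrying
        self.seen.add(event["id"])
        self.applied.append(event["type"])    # e.g. pull the signed record into the eTMF
        return 200


def demo() -> dict:
    secret = b"whsec_constructed_example_secret"
    now = lambda: 1_700_000_000
    event = {"id": "evt_0001", "type": "consent.signed", "data": {"session_id": "sess_1001"}}  # constructed
    body = json.dumps(event, sort_keys=True).encode()
    ts = str(now())
    headers = {TS_HEADER: ts, SIG_HEADER: compute_signature(secret, ts, body)}
    consumer = WebhookConsumer(secret, now)
    out = {"first": consumer.receive(headers, body),
           "retry": consumer.receive(headers, body)}                        # backoff retry of the same delivery
    out["tampered"] = consumer.receive(headers, body.replace(b"sess_1001", b"sess_9999"))
    old_ts = str(now() - 3600)
    stale = {TS_HEADER: old_ts, SIG_HEADER: compute_signature(secret, old_ts, body)}
    out["stale"] = consumer.receive(stale, body)                            # valid MAC, outside the window
    out["applied"] = list(consumer.applied)
    return out
```

Two details matter in practice: verify over the raw request bytes rather than a re-serialised JSON object, since any whitespace or key-order difference changes the MAC, and persist the seen event ids beyond process memory, or a restart will re-apply a retried delivery.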

Ops

Request tracing & lockout

Every response carries X-Request-Id, surfaced in the audit trail. Configurable failed-auth lockout satisfies §11.10(d) brute-force prevention.

Integration patterns

Three ways teams build on Consentara today.

EDC · CTMS

Trial-system integration

Your trial management system calls Consentara to open a consent session, polls for completion, and pulls the signed record back into its own store. Staff never leave your app.

White-label

Branded participant UI

Fork the open-source reference UI, or build your own from scratch against the API. Consentara is the compliance engine; you own the participant experience.

Automation

Protocol-amendment re-consent

Your amendment workflow calls Consentara to flag affected sessions for re-consent and fan out notifications. No manual portal steps, no campaign spreadsheet.

Compliance posture

Mapped to the frameworks your auditors actually read.

21 CFR Part 11 governs the electronic records and signatures inside the consent process, not eConsent as a whole. Consentara maps 103 21 CFR Part 11 controls across §11.10, §11.50, §11.70, §11.100, §11.200 and §11.300; the same control set covers EU Annex 11 to EudraLex Volume 4. It pairs them with the informed-consent frameworks that sit around them: ICH E6(R3) Good Clinical Practice, EU Clinical Trials Regulation 536/2014, and the EU/UK General Data Protection Regulation.

FDA

21 CFR Part 11, Electronic Records; Electronic Signatures

103 controls mapped. Applies to the electronic records and signatures produced during a consent ceremony: audit trail, signature manifestation, access controls and system validation.

FDA

21 CFR Part 50, Protection of Human Subjects (Informed Consent)

The rule that governs informed consent itself. §50.27 signed-copy delivery and sequencing are enforced in the consent workflow.

ICH

ICH E6(R3) Good Clinical Practice

ALCOA+ (Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, Available) data integrity across the record. §4.3 keeps the sponsor’s obligation to obtain consent squarely with the sponsor.

EU

EU Clinical Trials Regulation 536/2014 & Annex 11 to EudraLex Volume 4

Jurisdiction-specific Informed Consent Forms (ICFs) with 25-year paediatric retention. Annex 11 covered by the 21 CFR Part 11 control set.

GDPR

EU General Data Protection Regulation / UK General Data Protection Regulation

Access, portability, retention with Article 17(3)(b) carve-out for regulatory archives.

ISO

ISO/IEC 27001:2022, Information Security Management

In progress, Stage 1 audit targeted for Q2 2026. US Health Insurance Portability and Accountability Act (HIPAA) Security Rule requirements met as defence-in-depth; no Protected Health Information processed.

Validation responsibility is shared with the deploying organisation. Consentara provides the control mapping, evidence packages, and gate artefacts your Computer System Validation (CSV) team needs to complete your own IQ/OQ/PQ.

Defensibility

Every signature, independently verifiable.

  • 01

    Append-only, dual-hashed chain

    SHA-256 + SHA3-256. Two independent chains, no single-algorithm point of failure.

  • 02

    Anchored to Ethereum mainnet

    Merkle roots batched and anchored via an AWS KMS HSM-bound signing key. Tamper evidence without trusting Consentara.

  • 03

    Verifiable on Etherscan

    Third parties can verify your audit trail against the public chain, no NDA, no vendor cooperation required.

  • 04

    25-year default retention

    Long-tail regulatory obligations are built in, not bolted on. Per-tenant retention overrides where your jurisdiction demands them.
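The defensibility model above (an append-only chain hashed twice with independent algorithms, batched into a Merkle root for anchoring, and verifiable by a third party who holds only the root) as an added example. This is illustration code, not Consentara's: the entry layout, the genesis value, the leaf construction and the proof format are assumptions, and the on-chain anchoring step is out of scope here, so `merkle_root()` simply returns the value that would be anchored.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous-hash value for the first entry


def _canon(event: dict) -> str:
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def digests(prev_sha256: str, prev_sha3_256: str, event: dict) -> tuple:
    """Two independent chains: each entry links through its own algorithm's predecessor."""
    body = _canon(event)
    return (hashlib.sha256((prev_sha256 + body).encode()).hexdigest(),
            hashlib.sha3_256((prev_sha3_256 + body).encode()).hexdigest())


class AuditChain:
    def __init__(self):
        self.entries: list = []

    def append(self, event: dict) -> dict:
        prev = self.entries[-1] if self.entries else None
        entry = {"seq": len(self.entries), "event": event,
                 "prev_sha256": prev["sha256"] if prev else GENESIS,
                 "prev_sha3_256": prev["sha3_256"] if prev else GENESIS}
        entry["sha256"], entry["sha3_256"] = digests(entry["prev_sha256"], entry["prev_sha3_256"], event)
        self.entries.append(entry)
        return entry

    def verify(self) -> tuple:
        """Recompute both chains from genesis; return (ok, first bad seq or None)."""
        p256, p3 = GENESIS, GENESIS
        for e in self.entries:
            h256, h3 = digests(p256, p3, e["event"])
            if (e["prev_sha256"], e["prev_sha3_256"], e["sha256"], e["sha3_256"]) != (p256, p3, h256, h3):
                return False, e["seq"]
            p256, p3 = h256, h3
        return True, None


def leaf(entry: dict) -> str:
    """Merkle leaf recomputed from the entry's content, so an edited entry changes its leaf."""
    h256, h3 = digests(entry["prev_sha256"], entry["prev_sha3_256"], entry["event"])
    return hashlib.sha256((h256 + h3).encode()).hexdigest()


def _pair(left: str, right: str) -> str:
    return hashlib.sha256((left + right).encode()).hexdigest()


def _padded(level: list) -> list:
    return level + [level[-1]] if len(level) % 2 else level   # duplicate an odd trailing leaf


def _next_level(level: list) -> list:
    level = _padded(level)
    return [_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(entries: list) -> str:
    """Root of a batch; this is the value that would be anchored on-chain."""
    level = [leaf(e) for e in entries]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(entries: list, index: int) -> list:
    """Sibling path for one entry: [(sibling_hash, 'left' | 'right'), ...]."""
    level, proof = [leaf(e) for e in entries], []
    while len(level) > 1:
        level = _padded(level)
        sibling = index ^ 1
        proof.append((level[sibling], "left" if sibling < index else "right"))
        level, index = _next_level(level), index // 2
    return proof


def verify_proof(entry: dict, proof: list, root: str) -> bool:
    """What a third party runs: needs only the entry, its sibling path and the anchored root."""
    h = leaf(entry)
    for sibling, side in proof:
        h = _pair(sibling, h) if side == "left" else _pair(h, sibling)
    return h == root


def demo() -> dict:
    chain = AuditChain()
    for kind in ("consent.authorised", "consent.signed", "consent.withdrawn"):   # constructed events
        chain.append({"type": kind, "session_id": "sess_1001", "on_behalf_of_user_id": "usr_inv_042"})
    root = merkle_root(chain.entries)
    proof = merkle_proof(chain.entries, 1)
    out = {"intact": chain.verify()[0], "proof_ok": verify_proof(chain.entries[1], proof, root)}
    chain.entries[1]["event"]["type"] = "consent.declined"    # retroactive edit of one record
    ok, bad = chain.verify()
    out.update({"tampered_intact": ok, "first_bad_seq": bad,
                "proof_after_tamper": verify_proof(chain.entries[1], proof, root)})
    return out
```

Note that `leaf()` recomputes the entry's digests from its content rather than trusting the stored ones; if it used the stored hashes, an attacker who edits the event body but leaves the hash columns alone would still pass the Merkle proof, and only the full chain walk would catch it.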

audit event · principal attribution

Questions we get

Before you write the RFI.

Is Consentara a portal we buy for our coordinators?

No, and that’s the point. Consentara is a compliance engine you call from the systems your team already uses. A browser reference UI is provided as open-source source code you fork, brand and operate yourself; the regulated surface is the API.

Where does 21 CFR Part 11 actually apply here?

21 CFR Part 11 governs the electronic records and electronic signatures generated during the consent ceremony, not the act of obtaining informed consent itself (that’s 21 CFR Part 50 and ICH E6(R3) Good Clinical Practice §4.3). Consentara provides the 21 CFR Part 11 surface: signature manifestation, audit trail, access controls, system validation. Your clinical processes stay the source of truth for consent.

How does a machine-executed signature still satisfy §11.10(e)?

Every audit record carries the authorising person’s user ID (on_behalf_of_user_id), the service account and API key that executed, and the single-use authorisation token bound into the signature’s cryptographic hash. No action is unattributed; every machine signature resolves to a named, authenticated person.

Who owns the participant experience?

You do. ICH E6(R3) Good Clinical Practice §4.3 and the EU Clinical Trials Regulation 536/2014 place the obligation to obtain consent on the sponsor, not on a vendor. Consentara gives you a defensible API and a forkable reference UI; you brand and operate the participant-facing experience.

What does the integration actually look like?

One-time setup is two calls: mint a service account, issue an API key. Each session is two more: authorise (as the person) → sign (as the machine with the token). Webhooks fire lifecycle events. OpenAPI 3.1 spec, idempotency keys, cursor pagination, ETag/If-Match concurrency, and versioned deprecation headers are all built in.

Where does our data live?

AWS EU-hosted (eu-west-2, London), RDS Multi-AZ PostgreSQL encrypted at rest, S3 Glacier for long-term audit archive. Schema-per-tenant isolation with Row-Level Security and compile-time enforcement in the data layer.

How is Consentara versioned?

Semantic versioning with CI-enforced OpenAPI breaking-change detection. Deprecation and Sunset response headers, plus a 12-month deprecation window. You won’t wake up to a surprise migration.

Next step

Walk through the API with our compliance lead.

Bring your 21 CFR Part 11 signature-validation pack, a target integration (EDC, CTMS or eTMF), and the sharpest question your auditors have ever asked. Leave with a mapped control list, a live API key, and a realistic integration plan.

30-minute call · no NDA required