Data Providers

Look Up a Data User by DUID

Returns profile and status information for a registered Data User organisation identified by DUID.

Intended caller: Data Providers.

When a Data Provider calls GET /access-records/{ak} to verify an access record, the response includes a duid identifying the organisation that registered the record. Without this endpoint, the Data Provider has no independent means to confirm that the duid belongs to an active, known organisation — they can only rely on their own bilateral onboarding records.

This endpoint closes that gap by providing a central directory lookup. Data Providers should call this endpoint as part of first-time onboarding of a new DUID encountered in a verification response, and may call it periodically to detect status changes (e.g. suspension).

Authentication: Bearer token required. Data Providers must obtain a token via GET /auth/token using their own account_id:secret_key credentials, which are provisioned separately from Data User credentials.

Note on DUID mapping: The register intentionally does not map DUIDs to Data Provider platform account IDs — that linkage is the Data Provider’s responsibility, as stated in the GET /access-records/{ak} verification checklist. This endpoint supplies the canonical human-readable identity (name, status, contact) for the DUID so the Data Provider can confirm the mapping is correct on their side.

GET

data-users

{duid}

Look Up a Data User by DUID

curl --request GET \
  --url https://api.central.consent/v1/data-users/{duid} \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/data-users/duid_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-18T10:00:00Z",
    "transaction-id": "tid_abc123def456abc123def456"
  },
  "data-user": {
    "duid": "duid_691df0c788ca043403b7fa90",
    "display-name": "Bright Energy Services Ltd",
    "status": "active",
    "registered-at": "2024-01-15T09:00:00Z",
    "contact-url": "https://bright-energy.com/contact",
    "data-types-supported": [
      "HH-CONSUMPTION",
      "HH-EXPORT",
      "TARIFF-IMPORT"
    ]
  }
}

Authorizations

Authorization

string

header

required

JWT from GET /auth/token. Pass as Authorization: Bearer <token>. Expires after 7200s.

Path Parameters

duid

string

required

The Data User identifier to look up. Format: duid_ followed by 24 lowercase hex characters.

Unique identifier for a registered Data User organisation, issued by the register at onboarding.

Pattern: ^duid_[0-9a-f]{24}$

Example:

"duid_691df0c788ca043403b7fa90"

Response

Data User found and returned.

response

object

required

Show child attributes

data-user

object

required

Public directory entry for a registered Data User organisation. Returned by GET /data-users/{duid}.

Show child attributes

Last modified on March 25, 2026

Submit a Discovered Access RecordSubmits a sparse, system-generated access record derived from DCC historic meter transaction logs. Used when the DCC detects that an organisation has been making data requests against a meter point but has not yet registered as a Data User in the DAR. Discovered records are distinct from full access records in two important ways: 1. **Read-only for authorisation** — a `DISCOVERED` record cannot be used by a Data Provider to authorise data release. `GET /access-records/{ak}` will return the record but with `access-event.state` set to `DISCOVERED`; Data Providers must treat this as a denial. 2. **Consumer transparency** — `DISCOVERED` records appear in `GET /meter-points/{mpxn}/access-records` responses so customers can see all parties known to have accessed their data, regardless of whether those parties have formalised their registration. When the organisation subsequently onboards as a Data User and submits a full access record via `POST /access-records` for the same MPxN and organisation, the register links the two records. The DISCOVERED record is retained for audit; the new full record becomes `ACTIVE`. **Authentication:** Restricted to DCC system credentials. Standard Data User bearer tokens are rejected on this endpoint. **Sparse schema:** Only the fields defined in `DiscoveredAccessRecord` are accepted. The full `AccessRecord` schema is not used here — `notice`, `access-event.consent`, and controller-level compliance fields are not applicable and must not be supplied.

Look Up a Data User by DUID

curl --request GET \
  --url https://api.central.consent/v1/data-users/{duid} \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/data-users/duid_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-18T10:00:00Z",
    "transaction-id": "tid_abc123def456abc123def456"
  },
  "data-user": {
    "duid": "duid_691df0c788ca043403b7fa90",
    "display-name": "Bright Energy Services Ltd",
    "status": "active",
    "registered-at": "2024-01-15T09:00:00Z",
    "contact-url": "https://bright-energy.com/contact",
    "data-types-supported": [
      "HH-CONSUMPTION",
      "HH-EXPORT",
      "TARIFF-IMPORT"
    ]
  }
}

Documents

Identity Records

Re-identification

Authentication

Data Users

Data Providers

DCC

Webhooks

Look Up a Data User by DUID

Authorizations

Path Parameters

Response