# `Keksdose.PlugHandler`
[🔗](https://github.com/io2/keksdose/blob/v0.4.1/lib/keksdose/plug_handler.ex#L1)

Plug accepting consent-event POSTs.

The host application is expected to have `Plug.Parsers` configured for JSON
upstream of this plug. Mount via `forward` at whatever path makes sense for
your app — the plug doesn't care about its own URL:

    forward "/api/cookie-consents", Keksdose.PlugHandler

Any POST that lands on the plug is treated as a consent event. Non-POST
methods get `405 Method Not Allowed`.

## Wire format

The plug accepts the camelCase JSON shape emitted by common browser-side
consent libraries (vanilla-cookieconsent, etc.). Required fields:

  * `consentId` — UUIDv4 the browser generates once and persists
  * `categories` — non-empty list of accepted category strings

Optional fields:

  * `changedCategories` — list of categories that changed since the prior event
  * `revision` — integer policy version the user accepted
  * `language` — BCP-47-ish tag, e.g. `"en"`

The server derives `country_iso` from the `cf-ipcountry` /
`x-vercel-ip-country` headers, masks the remote IP, and stamps
`inserted_at` server-side. Any client `timestamp` field is ignored.

Each successful POST inserts a new audit row. Repeat POSTs from the same
browser share the same `consent_id` but each event has its own server-
generated row `id`.

---

*Consult [api-reference.md](api-reference.md) for complete listing*