This is indeed a big topic, which I will do my best to cover in a single short answer here. This all comes very much down to your consent and identity data model. How many options for subscriptions will you be offering your subscribers?How many objects (data extensions) will you be using?
– Will it only be a single master data extension, with boolean fields for consent and subscriptions? This can quickly and easily be solved using the Upsert Data REST endpoint. You will also need to use similar API to fetch the existing information and consent status from same data model.
– Usually you would use a normalised data model, where you have one object for your contact, while having related objects storing information about your subscriptions, and other attributes. This makes it more complex, as it introduces a need for some degree of orchestration (i.e. you need to create your contact, before you can create your consent records, as these need to point to your contact key). You can still use the above API, but it will require your preference center to perform multiple subsequent API calls to perform a full update.
– Alternatively, you could incorporate a JSON Code Resource to accept a JSON payload from your preference center, and use Ampscript/SSJS to parse it, and distribute it across the different data extensions. This will lift the burden of orchestration away from your preference center, and make the data model more agnostic, meaning any updates to the data model can be accommodated in the code resource, instead of the preference center. But this will certainly require some degree of expertise with SMFC development. Using JSON Code Resource will also allow for connecting to Marketing Cloud directly from your front end, making the preference center much more lightweight.
– You should also consider logging an UnsubEvent, ensuring your subscriber status is set to Unsubscribed, avoiding sending emails with commercial send classification to this individual. Remember to set the status back to Active, should this same person resubscribe.
– Last but not least, you must put some consideration in what you choose to use as a Subscriber/Contact key, as using email address is not advisable.
All the above points are assuming you are using Salesforce Marketing Cloud as system of record, holding master data about your subscribers. Should this not be the case, you must use similar API driven approach just pointing to a different application.