Save consent information for a subject.

POST /v1/consents?by.id=id&by.type=user
Content-Type: application/json

by is an optional parameter that specifies the user identifier for the user saving the consent on behalf of the data subject. If omitted or empty, it is assumed that the data subject is recording the consent himself/herself.

If the data subject has parents or guardians, then by must be one of those parent or guardians.

The expected request document is as follows:

Content-Type: application/json

{
  "subject": {"type": "user", "id":"..."},
  "granules": {
    "granule1": {
      "value": true,
      "choices": {
        "notBeforeDate": "...",
        "expirationDate": "...",
         // Additional user choice fields defined for the granule
      },
      "policy": {
        "url": "url to policy document",
        "version": "policy version if applicable"
      } 
    },
    // Additional granules
  }
}

The policy object can be used to record the terms and conditions applicable to this consent. If the consent is stored using this API instead of one of the form APIs, this field can be used to record an online policy document under which consent is captured.

If a data subject record does not exist for the given subject, an empty record is created with the given ID.

Response

200 Ok

Consent stored. The returned document contains consent identifier information for each granule:

{
  "granule1": {
    "url": "https://consentgrid.io/v1/consents/5398fstre435892353A0823839298",
    "id": "5398fstre435892353A0823839298"
  },
  "granule2": {...}
}
400 Bad Request

Malformed request, invalid value, etc. The return value is a JSON error object containing diagnostic information.

403 Forbidden

The authenticated key does not have the privileges for this operation. The return value is a JSON error object containing diagnostic information.