Phase 4: Consent Management
Three mandatory consents must be accepted before account activation can proceed.
Required Consents
| Consent Type | Required | Description |
|---|
TERMS_AND_CONDITIONS | ✅ Yes | Platform terms of service |
PRIVACY_POLICY | ✅ Yes | Data privacy policy |
DATA_PROCESSING | ✅ Yes | Data processing agreement |
All three consents must be ACCEPTED before activation can proceed. Missing consents will block activation.
Accept Terms and Conditions
Endpoint: POST /api/v2.1/customer/individual/{customerId}/consents/termsHeaders:Authorization: Bearer {jwt-token}
X-Forwarded-For: 192.168.1.100
User-Agent: Mozilla/5.0...
{
"accepted": true,
"version": "1.0",
"acceptanceTimestamp": "2026-01-14T11:00:00.000Z"
}
Status: 200 OK{
"code": 200,
"message": "Terms and conditions accepted successfully",
"data": {
"id": "consent-990e8400-e29b-41d4-a716-446655440040",
"customerId": "cust-550e8400-e29b-41d4-a716-446655440010",
"tenantId": "97e7ff29-15f3-49ef-9681-3bbfcce4f6cd",
"consentType": "TERMS_AND_CONDITIONS",
"status": "ACCEPTED",
"version": "1.0",
"grantedAt": "2026-01-14T11:00:00.000Z",
"expiresAt": "2027-01-14T11:00:00.000Z",
"ipAddress": "192.168.1.100",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)...",
"metadata": {
"acceptanceMethod": "WEB_UI",
"documentUrl": "https://finhub.com/terms/v1.0",
"language": "en-US"
}
}
}
Accept Privacy Policy
Endpoint: POST /api/v2.1/customer/individual/{customerId}/consents/privacyRequest Body:{
"accepted": true,
"version": "1.0",
"acceptanceTimestamp": "2026-01-14T11:01:00.000Z"
}
Status: 200 OK{
"code": 200,
"message": "Privacy policy accepted successfully",
"data": {
"id": "consent-990e8400-e29b-41d4-a716-446655440041",
"consentType": "PRIVACY_POLICY",
"status": "ACCEPTED",
"version": "1.0",
"grantedAt": "2026-01-14T11:01:00.000Z",
"expiresAt": "2027-01-14T11:01:00.000Z"
}
}
Accept Data Processing Agreement
Endpoint: POST /api/v2.1/customer/individual/{customerId}/consents/data-processingRequest Body:{
"accepted": true,
"version": "1.0",
"acceptanceTimestamp": "2026-01-14T11:02:00.000Z"
}
Status: 200 OK{
"code": 200,
"message": "Data processing agreement accepted successfully",
"data": {
"id": "consent-990e8400-e29b-41d4-a716-446655440042",
"consentType": "DATA_PROCESSING",
"status": "ACCEPTED",
"version": "1.0",
"grantedAt": "2026-01-14T11:02:00.000Z",
"expiresAt": "2027-01-14T11:02:00.000Z"
}
}
Consent Response Fields
| Field | Description |
|---|
id | Unique consent record ID |
consentType | Type of consent |
status | ACCEPTED or PENDING |
version | Consent document version |
grantedAt | Timestamp of acceptance |
expiresAt | Consent expiry (typically 1 year) |
ipAddress | IP address at time of acceptance |
userAgent | Browser/client information |
For audit and compliance purposes, the following is recorded:
| Data Point | Example |
|---|
| IP Address | 192.168.1.100 |
| User Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64)… |
| Acceptance Method | WEB_UI, MOBILE_APP, API |
| Document URL | https://finhub.com/terms/v1.0 |
| Language | en-US |
| Timestamp | 2026-01-14T11:00:00.000Z |
Check Consent Status
Before activation, verify all consents are in place:
async function checkActivationReadiness(customerId, tenantId) {
const required = ['TERMS_AND_CONDITIONS', 'PRIVACY_POLICY', 'DATA_PROCESSING'];
const missing = [];
for (const type of required) {
const hasConsent = await checkConsent(customerId, tenantId, type);
if (!hasConsent) {
missing.push(type);
}
}
return {
ready: missing.length === 0,
missing: missing
};
}
B2C vs B2B Consent Differences
Individual consents only require accepted: true. Organization consents require additional fields:
acceptedBy (user ID)acceptedDate (timestamp)
| Field | Individual (B2C) | Organization (B2B) |
|---|
accepted | Required | Required |
acceptedBy | Not required | Required |
acceptedDate | Not required | Required |
Next Step
After all consents are accepted, proceed to Phase 5: Account Activation.
Phase 5: Activation
Activate account and generate IBAN
