> ## Documentation Index
> Fetch the complete documentation index at: https://docs.finhub.cloud/llms.txt
> Use this file to discover all available pages before exploring further.
# Phase 4: Consent Management
> Accept mandatory consents before account activation
# Phase 4: Consent Management
Three mandatory consents must be accepted before account activation can proceed.
## Required Consents
| Consent Type | Required | Description |
| ---------------------- | -------- | ------------------------- |
| `TERMS_AND_CONDITIONS` | ✅ Yes | Platform terms of service |
| `PRIVACY_POLICY` | ✅ Yes | Data privacy policy |
| `DATA_PROCESSING` | ✅ Yes | Data processing agreement |
**All three consents must be ACCEPTED** before activation can proceed. Missing consents will block activation.
***
## Accept Terms and Conditions
**Endpoint:** `POST /api/v2.1/customer/individual/{customerId}/consents/terms`
**Headers:**
```http theme={null}
Authorization: Bearer {jwt-token}
User-Agent: Mozilla/5.0...
```
**Request Body:**
```json theme={null}
{
"accepted": true,
"version": "1.0",
"acceptanceTimestamp": "2026-01-14T11:00:00.000Z"
}
```
**Status:** `200 OK`
```json theme={null}
{
"code": 200,
"message": "Terms and conditions accepted successfully",
"data": {
"id": "consent-990e8400-e29b-41d4-a716-446655440040",
"customerId": "cust-550e8400-e29b-41d4-a716-446655440010",
"tenantId": "97e7ff29-15f3-49ef-9681-3bbfcce4f6cd",
"consentType": "TERMS_AND_CONDITIONS",
"status": "ACCEPTED",
"version": "1.0",
"grantedAt": "2026-01-14T11:00:00.000Z",
"expiresAt": "2027-01-14T11:00:00.000Z",
"ipAddress": "192.168.1.100",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)...",
"metadata": {
"acceptanceMethod": "WEB_UI",
"documentUrl": "https://finhub.com/terms/v1.0",
"language": "en-US"
}
}
}
```
***
## Accept Privacy Policy
**Endpoint:** `POST /api/v2.1/customer/individual/{customerId}/consents/privacy`
**Request Body:**
```json theme={null}
{
"accepted": true,
"version": "1.0",
"acceptanceTimestamp": "2026-01-14T11:01:00.000Z"
}
```
**Status:** `200 OK`
```json theme={null}
{
"code": 200,
"message": "Privacy policy accepted successfully",
"data": {
"id": "consent-990e8400-e29b-41d4-a716-446655440041",
"consentType": "PRIVACY_POLICY",
"status": "ACCEPTED",
"version": "1.0",
"grantedAt": "2026-01-14T11:01:00.000Z",
"expiresAt": "2027-01-14T11:01:00.000Z"
}
}
```
***
## Accept Data Processing Agreement
**Endpoint:** `POST /api/v2.1/customer/individual/{customerId}/consents/data-processing`
**Request Body:**
```json theme={null}
{
"accepted": true,
"version": "1.0",
"acceptanceTimestamp": "2026-01-14T11:02:00.000Z"
}
```
**Status:** `200 OK`
```json theme={null}
{
"code": 200,
"message": "Data processing agreement accepted successfully",
"data": {
"id": "consent-990e8400-e29b-41d4-a716-446655440042",
"consentType": "DATA_PROCESSING",
"status": "ACCEPTED",
"version": "1.0",
"grantedAt": "2026-01-14T11:02:00.000Z",
"expiresAt": "2027-01-14T11:02:00.000Z"
}
}
```
***
## Consent Response Fields
| Field | Description |
| ------------- | --------------------------------- |
| `id` | Unique consent record ID |
| `consentType` | Type of consent |
| `status` | `ACCEPTED` or `PENDING` |
| `version` | Consent document version |
| `grantedAt` | Timestamp of acceptance |
| `expiresAt` | Consent expiry (typically 1 year) |
| `ipAddress` | IP address at time of acceptance |
| `userAgent` | Browser/client information |
***
## Consent Metadata Captured
For audit and compliance purposes, the following is recorded:
| Data Point | Example |
| --------------------- | -------------------------------------------------------------- |
| **IP Address** | 192.168.1.100 |
| **User Agent** | Mozilla/5.0 (Windows NT 10.0; Win64; x64)... |
| **Acceptance Method** | WEB\_UI, MOBILE\_APP, API |
| **Document URL** | [https://finhub.com/terms/v1.0](https://finhub.com/terms/v1.0) |
| **Language** | en-US |
| **Timestamp** | 2026-01-14T11:00:00.000Z |
***
## Check Consent Status
Before activation, verify all consents are in place:
```javascript theme={null}
async function checkActivationReadiness(customerId, tenantId) {
const required = ['TERMS_AND_CONDITIONS', 'PRIVACY_POLICY', 'DATA_PROCESSING'];
const missing = [];
for (const type of required) {
const hasConsent = await checkConsent(customerId, tenantId, type);
if (!hasConsent) {
missing.push(type);
}
}
return {
ready: missing.length === 0,
missing: missing
};
}
```
***
## B2C vs B2B Consent Differences
**Individual consents** only require `accepted: true`. Organization consents require additional fields:
* `acceptedBy` (user ID)
* `acceptedDate` (timestamp)
| Field | Individual (B2C) | Organization (B2B) |
| -------------- | ---------------- | ------------------ |
| `accepted` | Required | Required |
| `acceptedBy` | Not required | Required |
| `acceptedDate` | Not required | Required |
***
## Next Step
After all consents are accepted, proceed to **Phase 5: Account Activation**.
Activate account and generate IBAN