Phase 4: Consent Management

Organization consents are at organization level (not per-user) and must be accepted by an authorized signatory (CEO or equivalent).

Required Consents

Consent Type	Required	Accepted By
`TERMS_AND_CONDITIONS`	✅ Yes	CEO/Authorized Signatory
`PRIVACY_POLICY`	✅ Yes	CEO/Authorized Signatory
`DATA_PROCESSING`	✅ Yes	CEO/Authorized Signatory
`COMMERCIAL_SERVICES`	Optional	CEO/Authorized Signatory

Key Difference from Individual Consents: Organization consents require acceptedBy object with signatory details.

Accept Terms and Conditions

Request
Response

Endpoint: POST /api/v2.1/customer/organization/{organizationId}/consents/termsHeaders:

Authorization: Bearer {ceo-or-admin-jwt-token}
X-Forwarded-For: 192.168.1.100
User-Agent: Mozilla/5.0...

Request Body:

{
  "accepted": true,
  "version": "1.0",
  "acceptedBy": {
    "name": "Jane Smith",
    "position": "CEO",
    "email": "[email protected]",
    "authority": "AUTHORIZED_SIGNATORY"
  },
  "acceptanceTimestamp": "2026-01-15T10:00:00.000Z",
  "digitalSignature": "base64-encoded-signature"
}

Status: 200 OK

{
  "code": 200,
  "message": "terms and conditions accepted successfully",
  "data": {
    "id": "consent-1122e8400-e29b-41d4-a716-446655440180",
    "organizationId": "org-880e8400-e29b-41d4-a716-446655440110",
    "tenantId": "97e7ff29-15f3-49ef-9681-3bbfcce4f6cd",
    "consentType": "TERMS_AND_CONDITIONS",
    "status": "ACCEPTED",
    "version": "1.0",
    "grantedAt": "2026-01-15T10:00:00.000Z",
    "expiresAt": "2027-01-15T10:00:00.000Z",
    "acceptedBy": {
      "name": "Jane Smith",
      "position": "CEO",
      "authority": "AUTHORIZED_SIGNATORY"
    },
    "ipAddress": "192.168.1.100",
    "userAgent": "Mozilla/5.0...",
    "digitalSignature": "base64-encoded-signature",
    "legallyBinding": true,
    "metadata": {
      "documentUrl": "https://finhub.com/terms/business/v1.0",
      "language": "en-GB",
      "jurisdiction": "England and Wales"
    }
  }
}

Accept Privacy Policy

Request
Response

Endpoint: POST /api/v2.1/customer/organization/{organizationId}/consents/privacyRequest Body:

{
  "accepted": true,
  "version": "1.0",
  "acceptedBy": {
    "name": "Jane Smith",
    "position": "CEO",
    "email": "[email protected]",
    "authority": "AUTHORIZED_SIGNATORY"
  },
  "acceptanceTimestamp": "2026-01-15T10:05:00.000Z"
}

Status: 200 OK

{
  "code": 200,
  "message": "Privacy policy accepted successfully",
  "data": {
    "id": "consent-1122e8400-e29b-41d4-a716-446655440181",
    "consentType": "PRIVACY_POLICY",
    "status": "ACCEPTED",
    "grantedAt": "2026-01-15T10:05:00.000Z",
    "acceptedBy": {
      "name": "Jane Smith",
      "position": "CEO"
    }
  }
}

Accept Data Processing Agreement

Request
Response

Endpoint: POST /api/v2.1/customer/organization/{organizationId}/consents/data-processingRequest Body:

{
  "accepted": true,
  "version": "1.0",
  "acceptedBy": {
    "name": "Jane Smith",
    "position": "CEO",
    "email": "[email protected]",
    "authority": "AUTHORIZED_SIGNATORY"
  },
  "acceptanceTimestamp": "2026-01-15T10:10:00.000Z"
}

Status: 200 OK

{
  "code": 200,
  "message": "Data processing agreement accepted successfully",
  "data": {
    "id": "consent-1122e8400-e29b-41d4-a716-446655440182",
    "consentType": "DATA_PROCESSING",
    "status": "ACCEPTED",
    "grantedAt": "2026-01-15T10:10:00.000Z"
  }
}

AcceptedBy Object

The acceptedBy object captures signatory details for legal compliance:

Field	Required	Description
`name`	✅	Full name of signatory
`position`	✅	Position in organization
`email`	✅	Email address
`authority`	✅	Authority type

Authority Types

Authority	Description
`AUTHORIZED_SIGNATORY`	Legally authorized to sign
`CEO`	Chief Executive Officer
`CFO`	Chief Financial Officer
`DIRECTOR`	Board Director
`LEGAL_REPRESENTATIVE`	Legal Representative

Field	Individual (B2C)	Organization (B2B)
`accepted`	✅ Required	✅ Required
`version`	✅ Required	✅ Required
`acceptedBy`	❌ Not required	✅ Required
`digitalSignature`	❌ Optional	✅ Recommended
`jurisdiction`	❌ Not captured	✅ Captured

Director Consents (Optional)

Each director may need to accept individual DATA_PROCESSING consent.

Note: Director consents are currently BYPASSED in activation checks for testing purposes.

Endpoint: POST /api/v2.1/customer/individual/{directorIndividualId}/consents/data-processing

Next Step

After all consents are accepted, proceed to Phase 5: Organization Activation.

Phase 5: Activation

Validate roles and activate organization

Client Categories

Product Suite

Service Models

CoreX Service Model

API Service Model

Hybrid Service Model

Phase 4: Consent Management

Required Consents

Accept Terms and Conditions

Accept Privacy Policy

Accept Data Processing Agreement

AcceptedBy Object

Authority Types

Director Consents (Optional)

Next Step

Phase 5: Activation

Client Categories

Product Suite

Service Models

CoreX Service Model

API Service Model

Hybrid Service Model

​Phase 4: Consent Management

​Required Consents

​Accept Terms and Conditions

​Accept Privacy Policy

​Accept Data Processing Agreement

​AcceptedBy Object

​Authority Types

​B2B vs B2C Consent Comparison

​Director Consents (Optional)

​Next Step

Phase 5: Activation

Phase 4: Consent Management

Required Consents

Accept Terms and Conditions

Accept Privacy Policy

Accept Data Processing Agreement

AcceptedBy Object

Authority Types

B2B vs B2C Consent Comparison

Director Consents (Optional)

Next Step