# Phase 4: Consent Management

> Accept organization-level consents with authorized signatory details

Organization consents apply at the **organization level** (not per user) and must be accepted by an authorized signatory (CEO or equivalent).

## Required Consents

| Consent Type           | Required | Accepted By              |
| ---------------------- | -------- | ------------------------ |
| `TERMS_AND_CONDITIONS` | ✅ Yes    | CEO/Authorized Signatory |
| `PRIVACY_POLICY`       | ✅ Yes    | CEO/Authorized Signatory |
| `DATA_PROCESSING`      | ✅ Yes    | CEO/Authorized Signatory |
| `COMMERCIAL_SERVICES`  | Optional | CEO/Authorized Signatory |

<Warning>
  **Key Difference from Individual Consents:** Organization consents require an `acceptedBy` object with signatory details.
</Warning>

***

## Accept Terms and Conditions

<Tabs>
  <Tab title="Request">
    **Endpoint:** `POST /api/v2.1/customer/organization/{organizationId}/consents/terms`

    **Headers:**

    ```http theme={null}
    Authorization: Bearer {ceo-or-admin-jwt-token}
    User-Agent: Mozilla/5.0...
    ```

    **Request Body:**

    ```json theme={null}
    {
      "accepted": true,
      "version": "1.0",
      "acceptedBy": {
        "name": "Jane Smith",
        "position": "CEO",
        "email": "jane.smith@acme-corp.com",
        "authority": "AUTHORIZED_SIGNATORY"
      },
      "acceptanceTimestamp": "2026-01-15T10:00:00.000Z",
      "digitalSignature": "base64-encoded-signature"
    }
    ```
  </Tab>

  <Tab title="Response">
    **Status:** `200 OK`

    ```json theme={null}
    {
      "code": 200,
      "message": "terms and conditions accepted successfully",
      "data": {
        "id": "consent-1122e8400-e29b-41d4-a716-446655440180",
        "organizationId": "org-880e8400-e29b-41d4-a716-446655440110",
        "tenantId": "97e7ff29-15f3-49ef-9681-3bbfcce4f6cd",
        "consentType": "TERMS_AND_CONDITIONS",
        "status": "ACCEPTED",
        "version": "1.0",
        "grantedAt": "2026-01-15T10:00:00.000Z",
        "expiresAt": "2027-01-15T10:00:00.000Z",
        "acceptedBy": {
          "name": "Jane Smith",
          "position": "CEO",
          "authority": "AUTHORIZED_SIGNATORY"
        },
        "ipAddress": "192.168.1.100",
        "userAgent": "Mozilla/5.0...",
        "digitalSignature": "base64-encoded-signature",
        "legallyBinding": true,
        "metadata": {
          "documentUrl": "https://finhub.com/terms/business/v1.0",
          "language": "en-GB",
          "jurisdiction": "England and Wales"
        }
      }
    }
    ```
  </Tab>
</Tabs>

***

## Accept Privacy Policy

<Tabs>
  <Tab title="Request">
    **Endpoint:** `POST /api/v2.1/customer/organization/{organizationId}/consents/privacy`

    **Request Body:**

    ```json theme={null}
    {
      "accepted": true,
      "version": "1.0",
      "acceptedBy": {
        "name": "Jane Smith",
        "position": "CEO",
        "email": "jane.smith@acme-corp.com",
        "authority": "AUTHORIZED_SIGNATORY"
      },
      "acceptanceTimestamp": "2026-01-15T10:05:00.000Z"
    }
    ```
  </Tab>

  <Tab title="Response">
    **Status:** `200 OK`

    ```json theme={null}
    {
      "code": 200,
      "message": "Privacy policy accepted successfully",
      "data": {
        "id": "consent-1122e8400-e29b-41d4-a716-446655440181",
        "consentType": "PRIVACY_POLICY",
        "status": "ACCEPTED",
        "grantedAt": "2026-01-15T10:05:00.000Z",
        "acceptedBy": {
          "name": "Jane Smith",
          "position": "CEO"
        }
      }
    }
    ```
  </Tab>
</Tabs>

***

## Accept Data Processing Agreement

<Tabs>
  <Tab title="Request">
    **Endpoint:** `POST /api/v2.1/customer/organization/{organizationId}/consents/data-processing`

    **Request Body:**

    ```json theme={null}
    {
      "accepted": true,
      "version": "1.0",
      "acceptedBy": {
        "name": "Jane Smith",
        "position": "CEO",
        "email": "jane.smith@acme-corp.com",
        "authority": "AUTHORIZED_SIGNATORY"
      },
      "acceptanceTimestamp": "2026-01-15T10:10:00.000Z"
    }
    ```
  </Tab>

  <Tab title="Response">
    **Status:** `200 OK`

    ```json theme={null}
    {
      "code": 200,
      "message": "Data processing agreement accepted successfully",
      "data": {
        "id": "consent-1122e8400-e29b-41d4-a716-446655440182",
        "consentType": "DATA_PROCESSING",
        "status": "ACCEPTED",
        "grantedAt": "2026-01-15T10:10:00.000Z"
      }
    }
    ```
  </Tab>
</Tabs>

***

## AcceptedBy Object

The `acceptedBy` object captures signatory details for legal compliance:

| Field       | Required | Description              |
| ----------- | -------- | ------------------------ |
| `name`      | ✅        | Full name of signatory   |
| `position`  | ✅        | Position in organization |
| `email`     | ✅        | Email address            |
| `authority` | ✅        | Authority type           |

### Authority Types

| Authority              | Description                |
| ---------------------- | -------------------------- |
| `AUTHORIZED_SIGNATORY` | Legally authorized to sign |
| `CEO`                  | Chief Executive Officer    |
| `CFO`                  | Chief Financial Officer    |
| `DIRECTOR`             | Board Director             |
| `LEGAL_REPRESENTATIVE` | Legal Representative       |
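
A pre-submission check for the request bodies shown above, as an added example (not FinHub's own code): it enforces the `acceptedBy` fields and authority types from the tables on this page and reports which required consents are still outstanding. The function names are hypothetical, and treating `acceptanceTimestamp` as ISO 8601 with an offset and `digitalSignature` as standard base64 are assumptions taken from the sample payloads.

```python
import base64
import binascii
from datetime import datetime

# Values copied from the tables on this page.
REQUIRED_CONSENTS = {"TERMS_AND_CONDITIONS", "PRIVACY_POLICY", "DATA_PROCESSING"}
AUTHORITY_TYPES = {"AUTHORIZED_SIGNATORY", "CEO", "CFO", "DIRECTOR", "LEGAL_REPRESENTATIVE"}
ACCEPTED_BY_FIELDS = ("name", "position", "email", "authority")


def validate_consent_body(body):
    """Return a list of problems in an organization consent request body."""
    problems = []
    if body.get("accepted") is not True:
        problems.append("accepted must be true")
    version = body.get("version")
    if not isinstance(version, str) or not version.strip():
        problems.append("version is required")
    signer = body.get("acceptedBy")
    if not isinstance(signer, dict):
        problems.append("acceptedBy is required for organization consents")
        signer = {}
    else:
        for field in ACCEPTED_BY_FIELDS:
            value = signer.get(field)
            if not isinstance(value, str) or not value.strip():
                problems.append(f"acceptedBy.{field} is required")
    authority = signer.get("authority")
    if isinstance(authority, str) and authority.strip() and authority not in AUTHORITY_TYPES:
        problems.append(f"acceptedBy.authority {authority!r} is not a listed type")
    timestamp = body.get("acceptanceTimestamp")
    if timestamp is not None:  # assumption: ISO 8601 with offset, as in the samples
        try:
            if datetime.fromisoformat(timestamp.replace("Z", "+00:00")).tzinfo is None:
                problems.append("acceptanceTimestamp has no UTC offset")
        except (ValueError, AttributeError):
            problems.append("acceptanceTimestamp is not ISO 8601")
    signature = body.get("digitalSignature")
    if signature is not None:  # only the encoding is checked, not the signature itself
        try:
            base64.b64decode(signature, validate=True)
        except (binascii.Error, ValueError, TypeError):
            problems.append("digitalSignature is not valid base64")
    return problems


def missing_required_consents(records):
    """List required consent types with no ACCEPTED record among response `data` objects."""
    accepted = {r.get("consentType") for r in records if r.get("status") == "ACCEPTED"}
    return sorted(REQUIRED_CONSENTS - accepted)
```

Running `missing_required_consents` over the `data` objects returned by the three endpoints gives a client-side gate before moving on to activation.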

***

## B2B vs B2C Consent Comparison

| Field              | Individual (B2C) | Organization (B2B) |
| ------------------ | ---------------- | ------------------ |
| `accepted`         | ✅ Required       | ✅ Required         |
| `version`          | ✅ Required       | ✅ Required         |
| `acceptedBy`       | ❌ Not required   | ✅ Required         |
| `digitalSignature` | ❌ Optional       | ✅ Recommended      |
| `jurisdiction`     | ❌ Not captured   | ✅ Captured         |

***

## Director Consents (Optional)

Each director may need to accept an individual `DATA_PROCESSING` consent.

<Info>
  **Note:** Director consents are currently BYPASSED in activation checks for testing purposes.
</Info>

**Endpoint:** `POST /api/v2.1/customer/individual/{directorIndividualId}/consents/data-processing`

***

## Next Step

After all consents are accepted, proceed to **Phase 5: Organization Activation**.

<Card title="Phase 5: Activation" icon="arrow-right" href="/baas/api/integration/flows/organization-customer/activation">
  Validate roles and activate organization
</Card>
