Organization Consents API

Manage terms, privacy, and data processing consents for business organizations.

For complete details on authentication and headers, refer to the Standard HTTP Headers reference documentation.

Prerequisites: All required consents must be accepted before organization activation.Required consents:

Terms and Conditions for Business
Privacy Policy for Business
Data Processing Agreement

Who Can Accept Organization Consents?Only users with ADMIN_USER or COMPLIANCE_OFFICER roles can accept organization-level consents.The legal representative or authorized signatory must be the one accepting these consents for legal binding.

Organization vs User Consents

Aspect	Organization-Level Consent	User-Level Consent
Scope	Applies to entire organization	Applies to individual user
Who Accepts	Legal representative (ADMIN_USER)	Individual user
Required For	Organization activation	User account activation
Examples	Business T&Cs, DPA, Corporate Privacy Policy	Employee/Director personal data consent
Legal Binding	Company is bound	Individual is bound

Mandatory Organization Consents

Before organization activation, these three consents are mandatory:

Accept Terms and Conditions

Record acceptance of terms and conditions for an organization.

Endpoint

POST /api/v2.1/customer/organization/{organizationId}/consents/terms

Path Parameters

organizationId

string

required

Organization UUID identifierExample: ef4a8be6-602b-4b26-b81d-afa7d6d835fd

Headers

X-Tenant-ID

string

required

Tenant identifierExample: tenant_cloudvault

Authorization

string

required

Bearer token for authentication

Content-Type

string

required

Must be application/json

Request Body

accepted

boolean

required

Consent acceptance flagMust be true to accept the consent

acceptedBy

string

required

User ID of the person accepting the consentExample: e2f3a4b5-c6d7-48e9-0f1a-2b3c4d5e6f7a

acceptedDate

string

required

ISO 8601 timestamp of acceptanceExample: 2026-01-13T10:04:10.579Z

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/customer/organization/ef4a8be6-602b-4b26-b81d-afa7d6d835fd/consents/terms" \
  -H "X-Tenant-ID: tenant_cloudvault" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "accepted": true,
    "acceptedBy": "e2f3a4b5-c6d7-48e9-0f1a-2b3c4d5e6f7a",
    "acceptedDate": "2026-01-13T10:04:10.579Z"
  }'

Response

{
  "code": 200,
  "message": "terms and conditions accepted successfully",
  "data": {
    "active": false,
    "expired": false,
    "id": "consent-cust-8947f987-90be-4129-b397-43ffc1aae87c",
    "consentType": "TERMS_AND_CONDITIONS",
    "consentTitle": "CloudVault Terms and Conditions",
    "consentDescription": "By using CloudVault services, you agree to comply with and be bound by our terms and conditions.",
    "isRequired": true,
    "isGranted": true,
    "grantedAt": "2026-01-13T10:04:11.248223012",
    "expiresAt": "2027-01-13T10:04:11.248223012",
    "version": "1.0",
    "status": "ACCEPTED",
    "consentToFeatureRelations": [],
    "customerId": "ef4a8be6-602b-4b26-b81d-afa7d6d835fd",
    "consentedDate": "2026-01-13T10:04:11.246671203",
    "consentPeriod": "365",
    "tenantId": "d1e2f3a4-b5c6-47d8-9e0f-1a2b3c4d5e6f",
    "allowedOperationTypes": [],
    "parametrizations": [],
    "emailVerificationRequired": false,
    "smsVerificationRequired": false,
    "authenticatorVerificationRequired": false,
    "pushNotificationEnabled": false,
    "type": "TERMS_AND_CONDITIONS"
  }
}

Accept Privacy Policy

Record acceptance of privacy policy for an organization.

Endpoint

POST /api/v2.1/customer/organization/{organizationId}/consents/privacy

Request Body

Same structure as Terms and Conditions:

accepted

boolean

required

Must be true

acceptedBy

string

required

User ID accepting the consent

acceptedDate

string

required

ISO 8601 timestamp

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/customer/organization/ef4a8be6-602b-4b26-b81d-afa7d6d835fd/consents/privacy" \
  -H "X-Tenant-ID: tenant_cloudvault" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "accepted": true,
    "acceptedBy": "e2f3a4b5-c6d7-48e9-0f1a-2b3c4d5e6f7a",
    "acceptedDate": "2026-01-13T10:04:11.143Z"
  }'

Response

{
  "code": 200,
  "message": "privacy policy accepted successfully",
  "data": {
    "active": false,
    "expired": false,
    "id": "consent-cust-dfe348a4-aac4-4a7b-a836-962b1a910ca8",
    "consentType": "PRIVACY_POLICY",
    "consentTitle": "CloudVault Privacy Policy",
    "consentDescription": "CloudVault respects your privacy and is committed to protecting your personal data.",
    "isRequired": true,
    "isGranted": true,
    "grantedAt": "2026-01-13T10:04:11.797198246",
    "expiresAt": "2027-01-13T10:04:11.797198246",
    "version": "1.0",
    "status": "ACCEPTED",
    "consentToFeatureRelations": [],
    "customerId": "ef4a8be6-602b-4b26-b81d-afa7d6d835fd",
    "consentedDate": "2026-01-13T10:04:11.785958406",
    "consentPeriod": "365",
    "tenantId": "d1e2f3a4-b5c6-47d8-9e0f-1a2b3c4d5e6f",
    "allowedOperationTypes": [],
    "parametrizations": [],
    "emailVerificationRequired": false,
    "smsVerificationRequired": false,
    "authenticatorVerificationRequired": false,
    "pushNotificationEnabled": false,
    "type": "PRIVACY_POLICY"
  }
}

Accept Data Processing

Record acceptance of data processing consent for an organization.

Endpoint

POST /api/v2.1/customer/organization/{organizationId}/consents/data-processing

Request Body

Same structure as Terms and Conditions:

accepted

boolean

required

Must be true

acceptedBy

string

required

User ID accepting the consent

acceptedDate

string

required

ISO 8601 timestamp

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/customer/organization/ef4a8be6-602b-4b26-b81d-afa7d6d835fd/consents/data-processing" \
  -H "X-Tenant-ID: tenant_cloudvault" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "accepted": true,
    "acceptedBy": "e2f3a4b5-c6d7-48e9-0f1a-2b3c4d5e6f7a",
    "acceptedDate": "2026-01-13T10:04:11.619Z"
  }'

Response

{
  "code": 200,
  "message": "data processing accepted successfully",
  "data": {
    "active": false,
    "expired": false,
    "id": "consent-cust-2d604549-aab8-4ccc-b706-68202cb9f540",
    "consentType": "DATA_PROCESSING",
    "consentTitle": "CloudVault Data Processing Consent",
    "consentDescription": "We process your personal data for cloud storage services, data security, compliance monitoring, and service optimization.",
    "isRequired": true,
    "isGranted": true,
    "grantedAt": "2026-01-13T10:04:12.310595976",
    "expiresAt": "2027-01-13T10:04:12.310595976",
    "version": "1.0",
    "status": "ACCEPTED",
    "consentToFeatureRelations": [],
    "customerId": "ef4a8be6-602b-4b26-b81d-afa7d6d835fd",
    "consentedDate": "2026-01-13T10:04:12.309305526",
    "consentPeriod": "365",
    "tenantId": "d1e2f3a4-b5c6-47d8-9e0f-1a2b3c4d5e6f",
    "allowedOperationTypes": [],
    "parametrizations": [],
    "emailVerificationRequired": false,
    "smsVerificationRequired": false,
    "authenticatorVerificationRequired": false,
    "pushNotificationEnabled": false,
    "type": "DATA_PROCESSING"
  }
}

Organization vs Individual Consents

Difference from Individual ConsentsOrganization consents require additional fields for audit and compliance purposes:

Field	Individual	Organization
`accepted`	Required	Required
`acceptedBy`	Not required	Required (User ID)
`acceptedDate`	Not required	Required (ISO 8601 timestamp)

This ensures proper tracking of who accepted the consent and when for corporate compliance requirements.

Required Consents

All three consents must be accepted before organization activation:

Consent Type	Endpoint	Status
Terms and Conditions	`/consents/terms`	Required
Privacy Policy	`/consents/privacy`	Required
Data Processing	`/consents/data-processing`	Required

Response Fields

code

integer

HTTP status code (200 for success)

message

string

Human-readable status message

data

object

Consent details

Show data properties

string

Unique consent identifier

Type of consent: TERMS_AND_CONDITIONS, PRIVACY_POLICY, DATA_PROCESSING

status

string

Consent status: ACCEPTED, REVOKED, EXPIRED

isGranted

boolean

Whether consent is currently granted

grantedAt

string

ISO 8601 timestamp when consent was granted

expiresAt

string

ISO 8601 timestamp when consent expires

Validity period in days

customerId

string

Organization customer ID

tenantId

string

Tenant identifier

Check Activation Readiness

Before attempting activation, check if all consents are in place:

// Check if organization is ready for activation
const checkConsents = async (organizationId) => {
  const consentsToCheck = ['TERMS_AND_CONDITIONS', 'PRIVACY_POLICY', 'DATA_PROCESSING'];
  const consentStatus = {};
  
  for (const consentType of consentsToCheck) {
    const response = await fetch(
      `https://sandbox.finhub.cloud/api/v2.1/customer/organization/${organizationId}/consents/${consentType.toLowerCase().replace('_', '-')}`,
      {
        headers: {
          'Authorization': `Bearer ${accessToken}`,
          'X-Tenant-ID': tenantId
        }
      }
    );
    
    const { data } = await response.json();
    consentStatus[consentType] = data.status === 'ACCEPTED';
  }
  
  const allAccepted = Object.values(consentStatus).every(status => status === true);
  
  console.log('Consent Status:', consentStatus);
  console.log('Ready for activation:', allAccepted);
  
  return allAccepted;
};

Metadata Captured for Audit & Compliance

When a consent is accepted, the following metadata is automatically captured:

Metadata Field	Description	Purpose
IP Address	Client IP from `X-Forwarded-For` header	GDPR compliance, fraud prevention
User Agent	Browser/device info from `User-Agent` header	Device tracking, audit trail
Acceptance Method	How consent was granted (e.g., “web_portal”, “api”)	Legal proof of consent
Accepted By	User ID of person accepting	Legal representative identification
Timestamp	Exact time of acceptance (ISO 8601)	Legal binding moment
Document Version	Version of T&C/Privacy Policy accepted	Track which terms were agreed to
Document URL	Link to the document accepted	Legal reference
Language	Language of the document	Multi-lingual compliance
Digital Signature	Optional cryptographic signature	Enhanced legal proof

Why This Matters:

GDPR Article 7 requires proof of consent
AML/KYC regulations require audit trails
Legal disputes may require evidence of acceptance
Compliance audits need full traceability

Aspect	Individual Customer (B2C)	Organization Customer (B2B)
Consents	Personal T&C, Privacy Policy, Data Processing	Business T&C, Corporate Privacy Policy, Data Processing Agreement
Who Accepts	Individual user themselves	Legal representative (ADMIN_USER)
Scope	Personal data only	Company data + employee personal data
Legal Entity	Individual person	Legal business entity
Required Docs	Standard consumer docs	Business agreements, DPA
Revocation	User can revoke anytime	Requires authorized signatory
Activation Dependency	All 3 consents required	All 3 consents required

API Schema Reference

For the complete OpenAPI schema specification, see the API Schema Mapping document (Organization Consents operation).

Standard Headers

Complete HTTP headers reference

Organization Registration

Verification

KYB verification process

Organization Activation

Activate organization after consents

Individual Consents

Individual customer consents

Changelog

Version	Date	Changes
v1.0	2026-01-13	Enhanced organization consents documentation

Client Categories

Product Suite

Service Models

CoreX Service Model

API Service Model

Hybrid Service Model

Organization Consents API

Organization Consents API

Organization vs User Consents

Mandatory Organization Consents

Accept Terms and Conditions

Endpoint

Path Parameters

Headers

Request Body

Code Examples

Response

Accept Privacy Policy

Endpoint

Request Body

Code Examples

Response

Accept Data Processing

Endpoint

Request Body

Code Examples

Response

Organization vs Individual Consents

Required Consents

Response Fields

Check Activation Readiness

Metadata Captured for Audit & Compliance

API Schema Reference

Standard Headers

Organization Registration

Verification

Organization Activation

Individual Consents

Changelog

Client Categories

Product Suite

Service Models

CoreX Service Model

API Service Model

Hybrid Service Model

​Organization Consents API

​Organization vs User Consents

​Mandatory Organization Consents

​Accept Terms and Conditions

​Endpoint

​Path Parameters

​Headers

​Request Body

​Code Examples

​Response

​Accept Privacy Policy

​Endpoint

​Request Body

​Code Examples

​Response

​Accept Data Processing

​Endpoint

​Request Body

​Code Examples

​Response

​Organization vs Individual Consents

​Required Consents

​Response Fields

​Check Activation Readiness

​Metadata Captured for Audit & Compliance

​B2C vs B2B Consent Differences

​API Schema Reference

​Related Endpoints

Standard Headers

Organization Registration

Verification

Organization Activation

Individual Consents

​Changelog

Organization Consents API

Organization vs User Consents

Mandatory Organization Consents

Accept Terms and Conditions

Endpoint

Path Parameters

Headers

Request Body

Code Examples

Response

Accept Privacy Policy

Endpoint

Request Body

Code Examples

Response

Accept Data Processing

Endpoint

Request Body

Code Examples

Response

Organization vs Individual Consents

Required Consents

Response Fields

Check Activation Readiness

Metadata Captured for Audit & Compliance

B2C vs B2B Consent Differences

API Schema Reference

Related Endpoints

Changelog