Skip to main content

Consent Verification API

APIs for verifying customer consents through various methods including email resend, magic links, and token verification.
Base URL: https://sandbox.finhub.cloud/api/v2.1/consent/verification

Available Operations

Resend Verification

POST /resend

Send Magic Link

POST /send-magic-link

Verify Token

GET /verify/{token}

Accept Consent

POST /consents/{type}
Directly accept a consent on behalf of a customer (used in onboarding flows).

Endpoints

  • POST /api/v2.1/customer/individual/{customerId}/consents/terms
  • POST /api/v2.1/customer/individual/{customerId}/consents/privacy
  • POST /api/v2.1/customer/individual/{customerId}/consents/data-processing
  • POST /api/v2.1/customer/organization/{organizationId}/consents/terms
  • POST /api/v2.1/customer/organization/{organizationId}/consents/privacy
  • POST /api/v2.1/customer/organization/{organizationId}/consents/data-processing

Request Body

accepted
boolean
required
Whether the consent is acceptedExample: true
version
string
required
Consent versionExample: "1.0"

Headers

X-Tenant-ID
string
required
Tenant identifier
Authorization
string
required
Bearer token for authentication
Content-Type
string
required
Must be application/json
X-Forwarded-From
string
required
Source identifier for request origin tracking
User-Agent
string
required
Client application identifier — required by the global request filter
platform
string
required
Client platform identifier. Also accepted as sec-ch-ua-platform
deviceId
string
required
Unique device identifier for session tracking. Also accepted as X-Device-Id or device-id

Code Example

cURL - Terms Consent
curl -X POST "https://sandbox.finhub.cloud/api/v2.1/customer/individual/de645b7b-219a-4fdf-bd59-a7bf454a0586/consents/terms" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "User-Agent: YourApp/1.0" \
  -H "platform: web" \
  -H "deviceId: e2e-test-device" \
  -d '{
    "accepted": true,
    "version": "1.0"
  }'

Response

{
  "code": 200,
  "data": {
    "verificationId": "f778e9d2-9097-4328-9b76-8f225d48c9aa",
    "status": "PENDING",
    "verificationType": "CONSENT",
    "updatedAt": "2026-03-10T07:10:04.068Z",
    "updatedBy": "7e14ae4c-1e6c-4792-83f0-2263f2d13bce"
  },
  "message": "Success"
}

Resend Verification

Resends the consent verification email to the customer.

Request

Authorization
string
required
Bearer token for authentication
X-Tenant-ID
string
required
Tenant identifier
customerId
string
required
Customer identifier
consentId
string
required
Consent identifier to verify
channel
string
Delivery channel: EMAIL, SMS (default: EMAIL)

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/consent/verification/resend" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "User-Agent: YourApp/1.0" \
  -H "platform: web" \
  -H "deviceId: 356938035643809" \
  -d '{
    "customerId": "cust_12345",
    "consentId": "cons_67890",
    "channel": "EMAIL"
  }'

{
  "success": true,
  "data": {
    "customerId": "cust_12345",
    "consentId": "cons_67890",
    "channel": "EMAIL",
    "sentAt": "2024-01-15T10:30:00Z",
    "expiresAt": "2024-01-15T11:30:00Z"
  }
}
Sends a magic link for one-click consent verification.

Request

customerId
string
required
Customer identifier
consentId
string
required
Consent identifier to verify
redirectUrl
string
URL to redirect after verification (must be whitelisted)
expiresInMinutes
integer
Link expiration time in minutes (default: 60, max: 1440)

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/consent/verification/send-magic-link" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "User-Agent: YourApp/1.0" \
  -H "platform: web" \
  -H "deviceId: 356938035643809" \
  -d '{
    "customerId": "cust_12345",
    "consentId": "cons_67890",
    "redirectUrl": "https://your-app.com/consent-confirmed",
    "expiresInMinutes": 60
  }'

{
  "success": true,
  "data": {
    "customerId": "cust_12345",
    "consentId": "cons_67890",
    "sentTo": "j***@example.com",
    "sentAt": "2024-01-15T10:30:00Z",
    "expiresAt": "2024-01-15T11:30:00Z"
  }
}

Verify Token

Verifies a consent using the token from the verification email or magic link.

Request

token
string
required
Verification token from email or magic link
X-Tenant-ID
string
required
Tenant identifier

Code Examples

curl -X GET "https://sandbox.finhub.cloud/api/v2.1/consent/verification/verify/eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "User-Agent: YourApp/1.0" \
  -H "platform: web" \
  -H "deviceId: 356938035643809"

{
  "success": true,
  "data": {
    "verified": true,
    "customerId": "cust_12345",
    "consentId": "cons_67890",
    "consentType": "TERMS",
    "verifiedAt": "2024-01-15T10:35:00Z",
    "redirectUrl": "https://your-app.com/consent-confirmed"
  }
}

Verification Flow

1

Request Verification

Call /resend or /send-magic-link to send verification to customer
2

Customer Clicks Link

Customer receives email and clicks the verification link
3

Token Validation

System validates the token via /verify/{token}
4

Consent Confirmed

Consent status updated to ACCEPTED and customer redirected

Delivery Channels

ChannelDescription
EMAILVerification sent via email
SMSVerification sent via SMS (if enabled)

Response Codes

CodeDescription
200Operation successful
400Invalid request data or token
401Not Authorized
403Not Allowed
404Consent or customer not found
410Token expired
429Rate limit exceeded
500Internal server error