# Consent APIs This API manages consents for clients on behalf of the requesting organization.\ It covers the following endpoints: * [Consent Request](#consent-request) * [Consent Status](#consent-status) * [Consent Retry](#consent-retry) * [Consent History](#consent-history) ### Consent Request **Method:** POST\ **Path:** `/api/v1/consent/request` **Description:** Creates a new consent request for a client.\ A JWT token is returned in the `consentToken` field, which can be used to fetch the status or retry the consent. The optional `callback` object is used to receive asynchronous consent events (accept/decline/timeout). If no callback is specified, no event will be sent. Values for `providerBusinessUnit`, `purpose`, `template`, and `templateData` can be retrieved from the [Supporting APIs](/askmefirst/supporting-apis.md). #### Request **Headers** | Header | Value | Required | | ------------------------ | ---------------- | -------- | | Authorization | Bearer `` | Yes | | x-requester-reference | string | Yes | | x-provider-business-unit | GUID | Yes | **Header Field Descriptions**
FieldTypeRequiredDescription
AuthorizationBearer tokenYesAuth Token retrieved from the Authentication API
x-requester-referencestringYesThis is a unique reference in the Requester system to track the transaction
x-provider-business-unitGUIDYesThe Provider BusinessUnit selected for the Identity Provider, obtained from the Supporting APIs
**Body** ```json { "candidate": { "firstName": "string", "lastName": "string", "identificationTypeId": 0, "identityNumber": "string" }, "purpose": "00000000-0000-0000-0000-000000000000", "documentFromDate": "2026-05-07T09:23:26.786Z", "documentToDate": "2026-05-07T09:23:26.786Z", "template": { "id": "00000000-0000-0000-0000-000000000000", "text": "Additional fields for provider", "templateData": [ { "key": "CUSTOM_FIELD_NAME_1", "validation": "string", "value": "" }, { "key": "CUSTOM_FIELD_NAME_2", "validation": "string", "value": "" }, { "key": "CUSTOM_FIELD_NAME_3", "validation": "string", "value": "" } ] }, "callback": { "url": "string", "headers": [ { "key": "string", "value": "string" } ] } } ``` **Request Field Descriptions**
FieldTypeRequiredDescription
candidate.firstNamestringYesClient’s first name
candidate.lastNamestringYesClient’s last name
candidate.identificationTypeIdintegerYesType of identification (e.g., passport, national ID)
candidate.identityNumberstringYesIdentification number
purposeGUIDYesPurpose ID retrieved from the Supporting APIs
documentFromDateDateTimeYesThe date on which the document begins
documentToDateDateTimeYesThe date on which the document ends
template.idGUIDYesTemplate ID from the Supporting APIs
template.textstringYesDescription of the template from the Supporting APIs
template.templateDataarrayYesList of additional fields for the provider from the Supporting APIs, update value with actual data
callback.urlstringNoURL to send consent event notifications
callback.headersarrayNoOptional custom headers for callback
callback.headers.keystringYes if callback is specifiedCustom headers key for callback
callback.headers.valuestringYes if callback is specifiedCustom headers value for callback
#### Response **Body** ```json { "consentToken": "string" } ``` **Response Field Descriptions**
FieldTypeDescription
consentTokenstringJWT token as described in RFC7519 representing the consent request; used for Consent Status and Consent Retry APIs
*** ### Consent Status **Method:** POST\ **Path:** `/api/v1/consent/status` **Description:** Retrieves the status of a consent request submitted via the [Consent Request](#consent-request) API.\ It also indicates if a retry of the consent is allowed, based on the status of the consent and how many retries have been attempted. #### Request **Headers** | Header | Value | Required | | ------------- | ---------------- | -------- | | Authorization | Bearer `` | Yes | **Header Field Descriptions**
FieldTypeRequiredDescription
AuthorizationBearer tokenYesAuth Token retrieved from the Authentication API
**Body** ```json { "consentToken": "JWT" } ``` **Request Field Descriptions**
FieldTypeRequiredDescription
consentTokenstringYesConsent Token retrieved from the Consent Request API or Consent Retry API
#### Response **Body** ```json { "status": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "string", "canRetry": true }, "providerToken": "string" } ``` **Response Field Descriptions** | Field | Type | Description | | -------------------- | ------- | ----------------------------------------------------------------------------------------------- | | `status.id` | GUID | Unique ID of the current consent | | `status.displayName` | string | Human-readable status (e.g., Initial, Accepted, Declined) | | `status.canRetry` | boolean | Indicates if retrying this consent is allowed | | `providerToken` | string | Token issued by the Identity Provider for this consent request, only if the consent is Accepted | **Status Field Descriptions**
IdNameDescription
13CD3DAD-FD28-4355-A156-0D7B01546EC6Consent GrantedThe client has granted explicit consent for the given request
23CD3DAD-FD28-4355-A156-0D7B01546EC6Consent DeclinedThe client has explicity denied consent for the given request
33CD3DAD-FD28-4355-A156-0D7B01546EC6No Response from customerThe client has failed to respond to the given request in time
43CD3DAD-FD28-4355-A156-0D7B01546EC6Non Account HolderThe client does not hold an account with the chosen provider
53CD3DAD-FD28-4355-A156-0D7B01546EC6Non mobile clientThe client does not have a registered mobile device with the chosen provider
63CD3DAD-FD28-4355-A156-0D7B01546EC6Request FailedThere was a failure submitting the given request with the provider
73CD3DAD-FD28-4355-A156-0D7B01546EC6No Data AvailableThe provider does not have any data available for the client
83CD3DAD-FD28-4355-A156-0D7B01546EC6Account ClosedThe provider has indicated that the client's account is closed
93CD3DAD-FD28-4355-A156-0D7B01546EC6Consent SentThe request for consent has been successfully sent to the client and is awaiting a response
10CD3DAD-FD28-4355-A156-0D7B01546EC6Business AccountThe client holds a business account with the chosen provider
11CD3DAD-FD28-4355-A156-0D7B01546EC6Identifier Not FoundThe client identifier has not been captured in the provider system
90CD3DAD-FD28-4355-A156-0D7B01546EC6IDP OfflineThe provider is not reachable for the given request
91CD3DAD-FD28-4355-A156-0D7B01546EC6Error at IDPThe provider has returned an error for the given request
99CD3DAD-FD28-4355-A156-0D7B01546EC6System ErrorAn error has occurred within the AskMeFirst system
*** ### Consent Retry **Method:** POST\ **Path:** `/api/v1/consent/retry` **Description:** Retries a prior consent request.\ This can only be used in specific scenarios (client did not respond or a recoverable error occurred).\ Maximum retries are defined per use case. And will be defined on onboarding. A new, optional callback can be included in the body if the retry is an automated process and needs to be sent to a different endpoint. If no callback is provided, no callback will be sent. #### Request **Headers**
HeaderValueRequired
AuthorizationBearer <Token>Yes
**Header Field Descriptions**
FieldTypeRequiredDescription
AuthorizationBearer tokenYesAuth Token retrieved from the Authentication API
**Body** ```json { "consentToken": "JWT", "callback": { "url": "string", "headers": [ { "key": "string", "value": "string" } ] } } ``` **Request Field Descriptions**
FieldTypeRequiredDescription
consentTokenstringYesConsent Token retrieved from the Consent Request or Consent Retry APIs
callback.urlstringNoURL to send consent event notifications
callback.headersarrayNoOptional custom headers for callback
callback.headers.keystringYes if callback is specifiedCustom headers key for callback
callback.headers.valuestringYes if callback is specifiedCustom headers value for callback
#### Response **Body** ```json { "consentToken": "string" } ``` **Response Field Descriptions**
FieldTypeDescription
consentTokenstringNew JWT token for the retried consent request
*** ### Consent History **Method:** GET\ **Path:** `/api/v1/consent/list` **Description:** Lists all consent requests for the requesting organization (based on BusinessUnit in the auth token). *** #### Request **Headers** | Header | Value | Required | | ------------- | ---------------- | -------- | | Authorization | Bearer `` | Yes | **Header Field Descriptions**
FieldTypeRequiredDescription
AuthorizationBearer tokenYesAuth Token retrieved from the Authentication API
*** **Path Parameters**
ParameterTypeDescription
pagenumberThe number of the page to fetch
pageSizenumberThe number of entries to return for the given page
*** #### Response **Body** ```json { "pagination": { "page": 0, "pageSize": 0 }, "consents": [ { "id": "00000000-0000-0000-0000-000000000000", "purpose": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example purpose" }, "status": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example status" }, "provider": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example provider" }, "requester": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example requester" }, "requestedAt": "2026-01-27T08:11:30.557Z", "parentId": "00000000-0000-0000-0000-000000000000" }, { "id": "00000000-0000-0000-0000-000000000000", "purpose": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example purpose" }, "status": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example status" }, "provider": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example provider" }, "requester": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "Example requester" }, "requestedAt": "2026-01-27T08:11:30.557Z", "parentId": "00000000-0000-0000-0000-000000000000" } ] } ``` **Response Field Descriptions**
FieldTypeDescription
paginationobjectPagination parameters of the request
idGUIDUnique ID of the consent
purposeobjectPurpose of the consent request
statusobjectCurrent status
providerobjectThe provider involved
requesterobjectThe requesting organization
requestedAtdatetimeTimestamp when the consent was created
parentIdGUIDUnique ID of the parent consent
**Purpose Field Descriptions**
FieldTypeDescription
purpose.idGUIDUnique ID of the purpose
purpose.displayNamestringA display-friendly name of the purpose
**Status Field Descriptions**
FieldTypeDescription
status.idGUIDUnique ID of the status
status.displayNamestringA display-friendly name of the status
**Provider Field Descriptions**
FieldTypeDescription
provider.idGUIDUnique ID of the provider
provider.displayNamestringA display-friendly name of the provider
**Requester Field Descriptions**
FieldTypeDescription
requester.idGUIDUnique ID of the requester
requester.displayNamestringA display-friendly name of the requester
**Pagination Field Descriptions**
FieldTypeDescription
pagination.pagenumberThe number of the page to fetch.
pagination.pageSizenumberThe number of entries to return for the given page.
*** ### Notes * Use the `consentToken` from Consent Request for Consent Status and Consent Retry. * Values for `providerBusinessUnit`, `purpose`, `template`, and `templateData` must be fetched from [Supporting APIs](/askmefirst/supporting-apis.md). * Callback URLs are optional and used for asynchronous consent events. * All endpoints require Bearer authentication. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.comcorp.co.za/askmefirst/consent-apis.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.