Register Consent API

Introduction

The Register Consent API is the first mandatory step before performing any KYC verification or personal data processing through the Attestr Platform

Before initiating a verification request, the client (acting as the Data Fiduciary) must first obtain lawful and explicit consent from the end user (the Data Principal) for the intended data processing activity. Once the consent has been collected, the client is required to register the consent with Attestr (acting as the Data Processor) using this API.

Upon successful registration, Attestr generates a unique consent id that serves as a reference for the consent transaction. This consent id must subsequently be passed in all related verification and KYC API requests to establish a valid consent trail and enable compliant data processing on the Attestr platform.

The Register Consent API helps ensure:

Consent traceability and auditability
Regulatory compliance for personal data processing
Proper linkage between consent records and verification requests
Secure and accountable KYC workflows

Every consent registration is associated with specific:

Data categories
Data types
Purpose of processing
Verification services requested
Consent validity and metadata

Clients must ensure that the consent obtained from the Data Principal is lawful, informed, specific, and compliant with applicable data protection regulations before invoking this API.

API Details

Request

Type	URL	Version
POST	`https://api.attestr.com`/api/`{version`/public/consent/register	Use "v3" for DPDA compliant version

Request Body Parameters

Type	Name	Description	Optional (default)	Min Version
String	consentPurpose	Purpose for which consent has been obtained from the Data Principal. Allowed values are - kyc_verification background_verification Refer to Consent Purpose to read more.	Required	v3
String	consentPurposeDesc	Optional text describing the consent purpose in detail	Optional	v3
Array<Service Object>	services	List of services/products for which this consent is intended to be used for the specified purpose. Depending on the services provided, appropriate data categories are required to be passed in the data categories input below. Refer Service object definition below.	Required	v3
Array <DataCategory Object>	consentDataCategories	List of data categories and associated data types are needed for the specified input services. See Data Category Object definition below. Refer to Consent Data Categories to know more.	Required	v3
String	consentType	Allowed values are - single_use multi_use Refer to Consent Type to read more.	Required	v3
String	consentMode	Allowed values are - checkbox email_otp mobile_otp digilocker ivr physical_form offline Refer to Consent Mode to read more.	Required	v3
String	consentModeDesc	Optional text describing how the consent was collected	Optional	v3
String	consentTimestamp	ISO Date and timestamp of the time when consent was obtained from the Data Principal. Eg. "2026-05-22T00:00:00+0000" Refer to Consent Validity to know more.	Required	v3
String	consentValidFrom	ISO Timestamp from which the consent becomes valid for processing operations. Eg. "2026-05-22T00:00:00+0000" Refer to Consent Validity to know more.	Required	v3
String	consentValidTill	ISO Timestamp until which the consent remains valid for processing operations. Refer to Consent Validity to know more.	Required	v3
String	consentReferenceId	Unique client internal reference ID assigned to the consent. Refer to Consent Reference ID to know more.	Required	v3
String	consentPrincipalUserId	Data Principal user ID as assigned by client in its internal systems. Refer to Consent Principal User ID to know more.	Optional	v3
String	clientPrivacyPolicyUrl	Link to client's privacy policy. Refer to Client Privacy Policy URL and Version	Optional	v3
String	clientPrivacyPolicyVersion	Version of the client's privacy policy. Refer to Client Privacy Policy URL and Version	Optional	v3
Boolean	clientDeclaration	Must be declared as True always. Refer to Client Declaration to know more.	Required	v3
String	clientObtainedBy	ID of the client's internal user, app, system through which the consent was obtained. Refer to Client Obtained By to read more.	Optional	v3
Array <String>	consentOperations	List of allowed data processing operations for the consent. Allowed values are -VERIFY FETCH EXPORT STORE SHARE REPORT Multiple values can be provided Refer to Consent Operations to read more.	Required	v3
Boolean	webhook	Boolean flag indicating if webhooks must be triggered for consent lifecycle events. Refer to Webhooks to know more.	Optional	v3

Service Object Definition

Type	Name	Description	Optional (default)	Min Version	Max Version
String	service	Provide the Service code. Attestr assigns a unique service code to each product and service it offers. For example, the service code for Bank Account Verification is `BANK_ACC`. Please refer to the relevant product documentation to identify the correct service code for the service you intend to use.	Required	v3
Object	options	Reserved for future use. Used for specifying service specific options which helps to decide the associated data categories.	Optional	v3

Data Category Object Definition

Type	Key	Description	Min Version	Max Version
String	category	Data category for the provided service	v3
Array<String>	values	Associated data types as mapped to the provided service	v3

Request Header Parameters

Type	Name	Value / Description	Optional	Min Version	Max Version
String	Content-Type	application/json	Required	v3
String	Authorization	Basic `{authToken}`	Required	v3

If you do not have the authentication token, please refer to Register App to generate one.

Sample Request Payload

JSON
    
xxxxxxxxxx
 
{    "consentPurpose": "kyc_verification",    "services": [{        "service": "BANK_ACC"    }],    "consentTimestamp": "2026-05-22T00:00:00+0000",    "consentMode": "email_otp",    "consentType": "multi_use",    "consentValidFrom": "2026-05-23T12:05:00+0000",    "consentValidTill": "2026-05-23T12:07:00+0000",    "consentReferenceId": "12341",    "consentPrincipalUserId": "USER#1234",    "clientDeclaration": true,    "consentOperations": ["VERIFY","FETCH", "STORE","REPORT"],    "consentDataCategories": [{        "category": "personal_information",        "values": ["name", "father_name"]    }, {        "category": "financial",        "values": ["bank_account", "ifsc"]    }],    "clientObtainedBy": "app-1234"}
Copy

Response

Http Status 200

Type	Key	Description	Min Version	Max Version
String	_id	Unique consent Id as assigned by Attestr Platform	v3
String	number	Unique human readable consent number for reference as assigned by Attestr platform	v3

Sample Response

Sample response for valid input

JSON
    
xxxxxxxxxx
 
{    "_id": "CX3S-m5YMohWXqt7b-",    "number": "3991-752664-7914"}
Copy

Error Response

Parameter	Type	Description
code	Number	Unique error codes for different errors. Always available.
httpStatusCode	String	Standard HTTP status code for the error
message	String	Error message describing the error. Always Available.
details	String	Detail error message. Available only for certain types of errors.

Error Codes

HTTP Status	Error Code	Error Message
400	4001	Malformed data or missing required parameter values
400	4005	Operation could not be performed due to low credits balance
401	4016	Invalid client authorization
403	4031	Unauthorized access
403	4035	Requested service is not provisioned for your account
403	4039	Client's IP address is not whitelisted
403	4035	Requested service is not provisioned for your account
429	4291	Maximum account rate limit exceeded
429	4292	Maximum API rate limit exceeded
429	4293	Maximum account daily limit exceeded
429	4294	Maximum API daily limit exceeded
500	5001	Request could not be processed

Sample Error Response

JSON
    
xxxxxxxxxx
 
{    "httpStatusCode": 400,    "code": 4001,    "message": "Malformed data or missing required parameter values",    "appError": true}
Copy

Get Free Trial

Create a free account Or “Talk to Us” for price information and other queries.

Talk to us Create free account

Last updated on