Use this endpoint to generate a magic consent link for a data principal. The link directs the user to a hosted consent flow where they verify their identity via OTP and submit their consent preferences.
Authentication
Both headers are required.
Header
Type
Required
Description
X-Org-Id
string
Yes
Your organization slug
X-API-Key
string
Yes
Your tenant API key
Query parameters
Parameter
Type
Required
Description
asset_id
string
Yes
The asset ID to associate this consent link with
Body
Field
Type
Required
Description
collectionPointId
string
Yes
UUID or display_id of the collection point. Also accepted as collection_point_id.
phone
string
Yes
The data principal’s phone number in E.164 format (for example, +917299424311). Receives the OTP during the consent flow.
email
string
No
If provided, a branded consent email with the magic link is sent to this address. The address is deleted immediately after sending.
expiryHours
integer
No
How long the link remains valid. Between 1 and 24. Default: 24. Also accepted as expiry_hours.
Response
201 Created
Field
Type
Description
requestId
string
Stable identifier for this consent request. Use to check status, duplicate, or correlate consent outcomes.
eventId
string
Unique identifier for this specific link instance. Each duplication produces a new eventId while preserving the same requestId.
consentLink
string
The magic link URL to share with the data principal.
expiresAt
string
ISO 8601 timestamp of when the link expires.
deliveryStatus
object
Outcome of any delivery attempts made during link creation.
deliveryStatus fields:
Field
Type
Description
email
string
Present when email was provided. Either "sent" or "failed".
Errors
Status
Description
400
X-Org-Id could not be resolved, or collectionPointId is missing or invalid
401
X-API-Key is invalid or missing
403
API key lacks the admin scope
404
No collection point found matching collectionPointId
