Reference / Auth

record consent acceptance for the half-authenticated user and resume the sign-in (which may then return `mfa_required` or `complete`).

POST /v1/auth/consent/accept
End-user session operationId: accept_consent

Authorization

Called from the browser with the publishable application id (x-application-id); the access token lives in memory.

Request body · required

  • doc_types string[]

    The document types the user accepted (each recorded at its current version).

  • pending_token string required

    The `pending_token` from the `consent_required` sign-in response.

Responses

200 Consent recorded; sign-in continued
{
  "data": {
    "consent_documents": [
      {
        "doc_type": null,
        "url": null,
        "version": null
      }
    ],
    "mfa": {
      "methods": [
        null
      ],
      "pending_token": "string"
    },
    "pending_token": "string",
    "status": "string",
    "tokens": {
      "aal": 0,
      "access_token": "string",
      "expires_in": 0,
      "refresh_token": "string",
      "session_id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
      "token_type": "string"
    },
    "user": {
      "created_at": "2026-01-15T09:30:00Z",
      "email_verified": false,
      "id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
      "primary_email": "string",
      "profile": {},
      "status": "string"
    }
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
401 Invalid or expired pending token

Request

curl -X POST "http://localhost:8080/v1/auth/consent/accept" \
  -H "Content-Type: application/json" \
  -d '{
  "doc_types": [
    "string"
  ],
  "pending_token": "string"
}'

Try it

live request
POST http://localhost:8080/v1/auth/consent/accept

Request body

application/json