Quickstart

This guide walks you through making your first two API calls: recording a consent decision for a user, then fetching that user’s consent status to confirm it was stored. You only need curl and the two values from your dashboard listed below.

Prerequisites

• API key — generate one in your truConsent dashboard under Settings → API Keys
• Collection point ID — the display_id of a collection point you created in the dashboard (for example, signup-form or checkout-page)

1. Get your API key

   Log in to your truConsent dashboard and go to Settings → API Keys. Create a new key and copy it — the dashboard only shows it once.

   All server-to-server requests must include this key in the X-API-Key header. Do not embed it in client-side code.

2. Record a consent decision

   Call POST /consent/{collection_point_id}/consent with the user’s ID, their overall action, and a list of per-purpose decisions.

   Replace your-collection-point-id with the display_id of your collection point, and your-api-key with the key you just copied.

   curl -X POST https://api.truConsent.io/consent/your-collection-point-id/consent \
     -H "X-API-Key: your-api-key" \
     -H "Content-Type: application/json" \
     -d '{
       "userId": "user_123",
       "action": "approved",
       "purposes": [
         {
           "id": "purpose_abc",
           "name": "Marketing",
           "consented": "approved",
           "is_mandatory": false
         }
       ]
     }'

   A successful response returns HTTP 201 with the created consent record:

   {
     "id": "c3d4e5f6-...",
     "action": "approved",
     "purpose_consents": [
       {
         "purpose_id": "purpose_abc",
         "purpose_name": "Marketing",
         "status": "approved",
         "is_mandatory": false,
         "purpose_version": 1
       }
     ],
     "timestamp": "2026-04-21T10:30:00.000Z"
   }

   Valid values for action are approved, declined, partial_consent, revoked, and no_action. The consented field on each purpose follows the same set of values.

   Note

   The collection_point_id in the URL can be either the human-readable display_id (for example, signup-form) or the UUID of the collection point. Both are accepted.

3. Verify by fetching consent status

   Call GET /consent/user-consent-status to retrieve the user’s full consent state across all collection points.

   curl "https://api.truConsent.io/consent/user-consent-status?userId=user_123" \
     -H "X-API-Key: your-api-key"

   The response lists every collection point the user has a consent record for, along with the most recent decision for each:

   {
     "user_id": "user_123",
     "total_consents": 1,
     "collection_points": [
       {
         "collection_point": {
           "id": "a1b2c3d4-...",
           "display_id": "your-collection-point-id",
           "name": "Sign-up Form",
           "description": null,
           "consent_type": "explicit"
         },
         "latest_consent": {
           "id": "c3d4e5f6-...",
           "action": "approved",
           "purpose_consents": [...],
           "timestamp": "2026-04-21T10:30:00.000Z",
           "status": "pending",
           "request_id": "r7e8f9..."
         }
       }
     ],
     "timestamp": "2026-04-21T10:30:05.000Z"
   }

   If collection_points contains the record you just created, your integration is working.

Next steps

Authentication

Understand the two auth methods and when to use each. Read more →

Consent model

Learn how collection points, purposes, and consent logs fit together. Read more →