Create Consent Receipts

Use this API to create consent receipts from a collection point. This API is used by all collection points and allows external applications to submit requests to store data subject consent transactions.

Things to Know

  • Each collection point must first be set up in the OneTrust Platform to generate a valid JWT, which must be present in the request payload. The JWT can be found on the Integrations tab of the Collection point details screen within the platform or can be retrieved by calling the Get Collection Point Token API.

  • Once the test parameter is set to true, reverting it to false is not possible. However, transitioning from test=false to test=true is supported. For more information on how to remove the test flag in the OneTrust Platform, see Managing Data Subject Records.

  • In most cases, further authorization is not required. However, additional information for setting up authenticated consent can be found here when needed.

  • Please avoid passing privacy notices for regular Custom API collection points. OneTrust strongly recommends using privacyNotices only for those enabled with dynamic configuration, as they allow you to gather information about all purposes.

  • When passing the purposes parameter, the version for PrivacyNotices will be used based on the consent date.

  • OneTrust recommends including no more than 10 purposes per consent receipt, with an absolute maximum of 20 purposes.

  • Please validate all inputs before sending data to a Custom API collection point. This API does not perform data type validation to ensure high performance and fast response times. However, invalid data will not be passed to the data subject.

Body Params
string
required
length ≥ 1

The JSON web token (JWT) for a collection point.

boolean
Defaults to false

This flag indicates whether the receipt is for testing purposes.

boolean
Defaults to false

This flag indicates whether to generate a data subject link token (JWT) that expires after 12 months. This operates independently from the Magic Link settings configured within Global Settings. This parameter is only supported for API-type collection points and cannot be used in conjunction with the shortLinkToken parameter.

boolean
Defaults to false

This flag indicates whether to generate a data subject link token with a reduced character length. This parameter cannot be used in conjunction with the generateInstantLinkToken parameter.

consentString
object

The details of the consent string that carries and encodes the data subject's consent choices.

receiptOptions
array of objects

The details of the receipt option.

source
object

The source details of the consent interaction.

string

The language set for the data subject.

string
required

The data subject identifier of the data subject.

parentPrimaryIdentifiers
array of objects

The parent identifiers to link to a child data subject. This is used when the Enable Parent-child relationship on this collection point setting is enabled for a collection point.

dsDataElements
object

The additional information about the data subject provided during their consent interaction.

customPayload
object

This parameter can be used to store custom data in key value pairs against the receipt. The total size of the customPayload data should not exceed 4000 characters.

additionalIdentifiers
object

Additional identifiers for the request, such as secondary email addresses.

attachments
array of objects

The details of the uploaded files that contain written consent records. A maximum of 20 attachments can be referenced.

purposes
array of objects

The details of the purposes involved in the consent interaction.

string

The date and time that the data subject interacted with the collection point.

privacyNotices
array of objects

The details of the privacy notice linked to the collection point.

geoLocation
object

The data subject's location where consent was provided.

boolean
Defaults to false

This flag indicates whether interaction date validation is enabled when updating data element values. If set to true, data element values will be overwritten only if the interaction date of the receipt is later than the last updated date of the data subject.

string

The type of data subject identifier used for the data subject's primary identifier.

Headers
string

The signed JWT that can be verified with the Public Key created in the OneTrust application. The value must include the type "Bearer" and should also include a "sub" claim that matches the identifier parameter value.

string
enum
Defaults to application/json

Generated from available response content types

Responses

400

Bad Request

500

Internal Server Error
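Because the API does not validate data types, a caller can enforce the limits stated on this page before submitting a receipt. The following pre-submit check is an added example, not OneTrust code. It assumes that customPayload size is measured on its compact JSON form and covers only fields named on this page; the signature of the Authorization JWT is not verified here, only its "sub" claim is compared with identifier.

```python
import base64
import json

MAX_PURPOSES, RECOMMENDED_PURPOSES = 20, 10   # limits stated on the page
MAX_ATTACHMENTS, MAX_CUSTOM_PAYLOAD_CHARS = 20, 4000  # payload measured as compact JSON (assumption)


def jwt_claims(token):
    """Decode a JWT's claims segment without verifying the signature."""
    try:
        segment = token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except (IndexError, ValueError):
        return None
    return claims if isinstance(claims, dict) else None


def check_receipt(body, authorization=None):
    """Return (errors, warnings) for a receipt body before it is submitted."""
    errors, warnings = [], []
    identifier = body.get("identifier")
    if not isinstance(identifier, str) or not identifier:
        errors.append("identifier: required string")
    for flag in ("test", "generateInstantLinkToken", "shortLinkToken"):
        if not isinstance(body.get(flag, False), bool):
            errors.append(f"{flag}: must be a boolean")
    if body.get("generateInstantLinkToken") is True and body.get("shortLinkToken") is True:
        errors.append("generateInstantLinkToken and shortLinkToken cannot be combined")
    for name, limit in (("purposes", MAX_PURPOSES), ("attachments", MAX_ATTACHMENTS)):
        items = body.get(name, [])
        if not isinstance(items, list):
            errors.append(f"{name}: must be an array")
        elif len(items) > limit:
            errors.append(f"{name}: {len(items)} entries, maximum is {limit}")
        elif name == "purposes" and len(items) > RECOMMENDED_PURPOSES:
            warnings.append(f"purposes: {len(items)} entries, {RECOMMENDED_PURPOSES} recommended")
    custom = body.get("customPayload", {})
    if not isinstance(custom, dict):
        errors.append("customPayload: must be an object")
    elif len(json.dumps(custom, separators=(",", ":"))) > MAX_CUSTOM_PAYLOAD_CHARS:
        errors.append("customPayload: exceeds 4000 characters")
    if authorization is not None:  # header used for authenticated consent only
        scheme, _, token = authorization.partition(" ")
        claims = jwt_claims(token) if scheme == "Bearer" else None
        if claims is None:
            errors.append("Authorization: expected 'Bearer <JWT>'")
        elif claims.get("sub") != identifier:
            errors.append("Authorization: sub claim does not match identifier")
    return errors, warnings
```

Reject the request on any entry in the first list; entries in the second list only flag a receipt that exceeds the recommended 10 purposes.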
