Consent Link — Overview

A consent link is a secure, one-time URL you generate and send to a data principal via SMS or email. When the recipient opens the link, they verify their identity via OTP and then see the consent banner for a specific collection point — where they can approve, decline, or revoke their purposes without logging in to your application.

Use consent links for:

• Collecting consent during customer onboarding over SMS
• Re-consent campaigns when your data processing purposes change
• Out-of-app consent flows (IVR follow-ups, email footers, QR codes)

---

How it works

1. Your server calls POST /api/consent/consent-links with the data principal’s phone number, asset, and collection point.
2. The API returns a consent_link URL and an event_id.
3. You deliver the link to the data principal (SMS, WhatsApp, email, etc.).
4. The data principal opens the link, verifies their phone via OTP (is_verified = true), then submits consent (is_completed = true).
5. The consent record is written against the event_id and is retrievable from the audit log.

---

Prerequisites

• A logged-in dashboard user account — both endpoints authenticate via Authorization: Bearer <token>. This is the session token of the dashboard user making the request.
• Your Organization ID (PropelAuth org ID or your subdomain slug). See Organization ID.
• At least one active asset and one active collection point associated with it.

Note

These endpoints are authenticated by a dashboard user session token — not an API key. If you are calling them server-side, use the token obtained when the dashboard user signs in.

---

Steps

1. Create a consent link — Call the API to generate a link for a data principal.

2. View link history — Retrieve and audit all links your organization has generated.

3. Dashboard — Use the truConsent dashboard to generate and track links without any code.

---

Next: Create a consent link →