POST https://api.firmly.work/api/v2/domains/{domain}/cart/consents
Set Consents
curl --request POST \
  --url https://api.firmly.work/api/v2/domains/{domain}/cart/consents \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "consents": [
    {}
  ]
}
'

Overview

Updates the consent preferences for a customer’s cart session. This endpoint allows customers to grant or revoke consent for various purposes like marketing communications. All consent changes are tracked with signatures for compliance purposes.
Both POST and PUT methods are supported for this endpoint, providing flexibility for different client implementations.

Request Body

consents (array, required)
Array of consent updates to apply.

Consent Update Object:
  • id (string, required): Unique identifier of the consent to update
  • revoke (boolean, optional): Set to true to revoke consent. Omit or set to false to grant consent. Default: false

Response

Returns an updated array of all consent objects with the same structure as the Get Consents response, reflecting the changes made. When consent is granted, the system automatically creates a signature containing:
  • Timestamp: When consent was given
  • IP Address: Customer’s IP address
  • User Agent: Browser/client information
  • Session ID: Cart session identifier
This audit trail ensures compliance with data protection regulations like GDPR and CCPA.

Code Examples

Grant Consent

curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
  -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consents": [
      {
        "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
      }
    ]
  }'

Revoke Consent

curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
  -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consents": [
      {
        "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
        "revoke": true
      }
    ]
  }'

Update Multiple Consents

curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
  -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consents": [
      {
        "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
      },
      {
        "id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
      },
      {
        "id": "8c9e3f12-4567-8901-2345-678901234567",
        "revoke": true
      }
    ]
  }'

Response Example

[
  {
    "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "ui_slot": "UNDER_EMAIL_INPUT",
    "text": "I would like to receive marketing emails about special offers and new products.",
    "html": "I would like to receive marketing emails about special offers and new products.",
    "type": "marketing",
    "explicit": true,
    "required": false,
    "revokable": true,
    "signed": true
  },
  {
    "id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
    "ui_slot": "ABOVE_PLACE_ORDER_BUTTON",
    "text": "I agree to the Terms of Service and Privacy Policy.",
    "html": "I agree to the <a href='/terms'>Terms of Service</a> and <a href='/privacy'>Privacy Policy</a>.",
    "type": "terms",
    "explicit": true,
    "required": true,
    "revokable": false,
    "signed": true
  }
]

  • Customer must explicitly opt-in when explicit: true
  • Consent signature is created with timestamp and metadata
  • Required consents must be signed before checkout completion
  • Only consents with revokable: true can be revoked
  • Attempting to revoke non-revokable consent returns an error
  • Revocation is tracked with timestamp for audit purposes
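
The rules above can be checked on the client before a Set Consents request is sent. The following is an added example, not code from the API or its SDK: the function names are hypothetical, the sample list is constructed from the Response Example with both consents unsigned, and the problem labels reuse the error names this page documents as a client-side prediction of what the API would return.

```python
import json

# Constructed sample: the two consents from the Response Example, trimmed to
# the fields read here and shown as they would look before anything is signed.
SAMPLE_CONSENTS = [
    {"id": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "type": "marketing",
     "explicit": True, "required": False, "revokable": True, "signed": False},
    {"id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8", "type": "terms",
     "explicit": True, "required": True, "revokable": False, "signed": False},
]


def build_consent_request(current, grant=(), revoke=()):
    """Validate changes against the Get Consents list; return (body, problems).

    grant holds only IDs the customer actively ticked (explicit opt-in).
    body is None when any problem is found, so nothing invalid is sent.
    """
    by_id = {c["id"]: c for c in current}
    problems = []
    for cid in grant:
        if cid in revoke:
            problems.append((cid, "granted and revoked in the same request"))
    for cid in dict.fromkeys(list(grant) + list(revoke)):  # ordered, de-duplicated
        if cid not in by_id:
            problems.append((cid, "ErrorConsentNotFound"))
    for cid in revoke:
        if cid in by_id and not by_id[cid]["revokable"]:
            problems.append((cid, "ErrorConsentNotRevokable"))
    if problems:
        return None, problems
    updates = [{"id": cid} for cid in grant]
    updates += [{"id": cid, "revoke": True} for cid in revoke]
    return {"consents": updates}, []


def unsigned_required(consents):
    """IDs of required consents not yet signed; checkout must wait on these."""
    return [c["id"] for c in consents if c["required"] and not c["signed"]]


if __name__ == "__main__":
    marketing, terms = (c["id"] for c in SAMPLE_CONSENTS)
    body, _ = build_consent_request(SAMPLE_CONSENTS, grant=[marketing, terms])
    print(json.dumps(body, indent=2))
    print(build_consent_request(SAMPLE_CONSENTS, revoke=[terms]))
    print(unsigned_required(SAMPLE_CONSENTS))
```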

Error Responses

{
  "code": 400,
  "error": "ErrorConsentNotRevokable",
  "description": "Cannot revoke consent '6ba7b810-9dad-11d1-80b4-00c04fd430c8' as it is not revokable"
}

Common Errors

| Error Code | Description | Resolution |
| --- | --- | --- |
| ErrorCartNotFound | Cart does not exist | Verify cart ID and domain |
| ErrorInvalidInputBody | Invalid request format | Check request body structure |
| ErrorConsentNotFound | One or more consent IDs not found | Verify consent IDs with Get Consents |
| ErrorConsentNotRevokable | Attempted to revoke non-revokable consent | Check consent revokable status |
| ErrorStoreUnavailable | Store service unavailable | Retry request |
| MissingAuthHeader | Missing authorization header | Include x-firmly-authorization header |