Set Consents - Firmly API

POST

api

domains

{domain}

cart

consents

Set Consents

curl --request POST \
  --url https://api.firmly.work/api/v2/domains/{domain}/cart/consents \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "consents": [
    {}
  ]
}
'

{
  "code": 400,
  "error": "ErrorConsentNotRevokable",
  "description": "Cannot revoke consent '6ba7b810-9dad-11d1-80b4-00c04fd430c8' as it is not revokable"
}

Overview

Updates the consent preferences for a customer’s cart session. This endpoint allows customers to grant or revoke consent for various purposes like marketing communications. All consent changes are tracked with signatures for compliance purposes.

Both POST and PUT methods are supported for this endpoint, providing flexibility for different client implementations.

Request Body

consents

array

required

Array of consent updates to apply.Consent Update Object:

id (string, required): Unique identifier of the consent to update
revoke (boolean, optional): Set to true to revoke consent. Omit or set to false to grant consent. Default: false

Response

Returns an updated array of all consent objects with the same structure as the Get Consents response, reflecting the changes made. When consent is granted, the system automatically creates a signature containing:

Timestamp: When consent was given
IP Address: Customer’s IP address
User Agent: Browser/client information
Session ID: Cart session identifier

This audit trail ensures compliance with data protection regulations like GDPR and CCPA.

Code Examples

curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
  -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consents": [
      {
        "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
      }
    ]
  }'

curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
  -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consents": [
      {
        "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
        "revoke": true
      }
    ]
  }'

Update Multiple Consents

curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
  -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consents": [
      {
        "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
      },
      {
        "id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
      },
      {
        "id": "8c9e3f12-4567-8901-2345-678901234567",
        "revoke": true
      }
    ]
  }'

Response Example

[
  {
    "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "ui_slot": "UNDER_EMAIL_INPUT",
    "text": "I would like to receive marketing emails about special offers and new products.",
    "html": "I would like to receive marketing emails about special offers and new products.",
    "type": "marketing",
    "explicit": true,
    "required": false,
    "revokable": true,
    "signed": true
  },
  {
    "id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
    "ui_slot": "ABOVE_PLACE_ORDER_BUTTON",
    "text": "I agree to the Terms of Service and Privacy Policy.",
    "html": "I agree to the <a href='/terms'>Terms of Service</a> and <a href='/privacy'>Privacy Policy</a>.",
    "type": "terms",
    "explicit": true,
    "required": true,
    "revokable": false,
    "signed": true
  }
]

Customer must explicitly opt-in when explicit: true
Consent signature is created with timestamp and metadata
Required consents must be signed before checkout completion

Only consents with revokable: true can be revoked
Attempting to revoke non-revokable consent returns an error
Revocation is tracked with timestamp for audit purposes

Error Responses

{
  "code": 400,
  "error": "ErrorConsentNotRevokable",
  "description": "Cannot revoke consent '6ba7b810-9dad-11d1-80b4-00c04fd430c8' as it is not revokable"
}

Common Errors

Error Code	Description	Resolution
`ErrorCartNotFound`	Cart does not exist	Verify cart ID and domain
`ErrorInvalidInputBody`	Invalid request format	Check request body structure
`ErrorConsentNotFound`	One or more consent IDs not found	Verify consent IDs with Get Consents
`ErrorConsentNotRevokable`	Attempted to revoke non-revokable consent	Check consent revokable status
`ErrorStoreUnavailable`	Store service unavailable	Retry request
`MissingAuthHeader`	Missing authorization header	Include x-firmly-authorization header

OverviewConfigure shipment fulfillment and delivery options

⌘I

Set Consents

curl --request POST \
  --url https://api.firmly.work/api/v2/domains/{domain}/cart/consents \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "consents": [
    {}
  ]
}
'

{
  "code": 400,
  "error": "ErrorConsentNotRevokable",
  "description": "Cannot revoke consent '6ba7b810-9dad-11d1-80b4-00c04fd430c8' as it is not revokable"
}

​Overview

​Request Body

​Response

​Consent Signatures

​Code Examples

​Grant Single Consent

​Revoke Consent

​Update Multiple Consents

​Response Example

​Consent Rules

​Granting Consent

​Revoking Consent

​Error Responses

​Common Errors

Overview

Request Body

Response

Consent Signatures

Code Examples

Grant Single Consent

Revoke Consent

Update Multiple Consents

Response Example

Consent Rules

Granting Consent

Revoking Consent

Error Responses

Common Errors