> ## Documentation Index
> Fetch the complete documentation index at: https://developers.firmly.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Set Consents

> Updates consent preferences for the current cart session

## Overview

Updates the consent preferences for a customer's cart session. This endpoint allows customers to grant or revoke consent for various purposes like marketing communications. All consent changes are tracked with signatures for compliance purposes.

<Note>
  Both `POST` and `PUT` methods are supported for this endpoint, providing flexibility for different client implementations.
</Note>

## Request Body

<ParamField body="consents" type="array" required>
  Array of consent updates to apply.

  **Consent Update Object:**

  * `id` (string, required): Unique identifier of the consent to update
  * `revoke` (boolean, optional): Set to `true` to revoke consent. Omit or set to `false` to grant consent. **Default:** `false`
</ParamField>

## Response

Returns an updated array of all consent objects with the same structure as the [Get Consents](/api-reference/checkout/get-consents) response, reflecting the changes made.

## Consent Signatures

When consent is granted, the system automatically creates a signature containing:

* **Timestamp**: When consent was given
* **IP Address**: Customer's IP address
* **User Agent**: Browser/client information
* **Session ID**: Cart session identifier

This audit trail ensures compliance with data protection regulations like GDPR and CCPA.

## Code Examples

### Grant Single Consent

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
    -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "consents": [
        {
          "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
        }
      ]
    }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents', {
    method: 'POST',
    headers: {
      'x-firmly-authorization': 'Bearer YOUR_TOKEN',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      consents: [
        {
          id: 'f47ac10b-58cc-4372-a567-0e02b2c3d479'
        }
      ]
    })
  });

  const updatedConsents = await response.json();
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents',
      headers={
          'x-firmly-authorization': 'Bearer YOUR_TOKEN',
          'Content-Type': 'application/json'
      },
      json={
          'consents': [
              {
                  'id': 'f47ac10b-58cc-4372-a567-0e02b2c3d479'
              }
          ]
      }
  )

  updated_consents = response.json()
  ```

  ```php PHP theme={null}
  $data = [
      'consents' => [
          [
              'id' => 'f47ac10b-58cc-4372-a567-0e02b2c3d479'
          ]
      ]
  ];

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, 'https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents');
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_HTTPHEADER, [
      'x-firmly-authorization: Bearer YOUR_TOKEN',
      'Content-Type: application/json'
  ]);
  curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

  $response = curl_exec($ch);
  $updatedConsents = json_decode($response, true);
  curl_close($ch);
  ```
</CodeGroup>

### Revoke Consent

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
    -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "consents": [
        {
          "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
          "revoke": true
        }
      ]
    }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents', {
    method: 'POST',
    headers: {
      'x-firmly-authorization': 'Bearer YOUR_TOKEN',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      consents: [
        {
          id: 'f47ac10b-58cc-4372-a567-0e02b2c3d479',
          revoke: true
        }
      ]
    })
  });
  ```
</CodeGroup>

### Update Multiple Consents

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents \
    -H "x-firmly-authorization: Bearer YOUR_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "consents": [
        {
          "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
        },
        {
          "id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
        },
        {
          "id": "8c9e3f12-4567-8901-2345-678901234567",
          "revoke": true
        }
      ]
    }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.firmly.work/api/v2/domains/staging.luma.gift/cart/consents', {
    method: 'POST',
    headers: {
      'x-firmly-authorization': 'Bearer YOUR_TOKEN',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      consents: [
        { id: 'f47ac10b-58cc-4372-a567-0e02b2c3d479' },              // Grant
        { id: '6ba7b810-9dad-11d1-80b4-00c04fd430c8' },              // Grant
        { id: '8c9e3f12-4567-8901-2345-678901234567', revoke: true } // Revoke
      ]
    })
  });
  ```
</CodeGroup>

## Response Example

```json theme={null}
[
  {
    "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "ui_slot": "UNDER_EMAIL_INPUT",
    "text": "I would like to receive marketing emails about special offers and new products.",
    "html": "I would like to receive marketing emails about special offers and new products.",
    "type": "marketing",
    "explicit": true,
    "required": false,
    "revokable": true,
    "signed": true
  },
  {
    "id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
    "ui_slot": "ABOVE_PLACE_ORDER_BUTTON",
    "text": "I agree to the Terms of Service and Privacy Policy.",
    "html": "I agree to the <a href='/terms'>Terms of Service</a> and <a href='/privacy'>Privacy Policy</a>.",
    "type": "terms",
    "explicit": true,
    "required": true,
    "revokable": false,
    "signed": true
  }
]
```

## Consent Rules

### Granting Consent

* Customer must explicitly opt-in when `explicit: true`
* Consent signature is created with timestamp and metadata
* Required consents must be signed before checkout completion

### Revoking Consent

* Only consents with `revokable: true` can be revoked
* Attempting to revoke non-revokable consent returns an error
* Revocation is tracked with timestamp for audit purposes

## Error Responses

<ResponseExample>
  ```json theme={null}
  {
    "code": 400,
    "error": "ErrorConsentNotRevokable",
    "description": "Cannot revoke consent '6ba7b810-9dad-11d1-80b4-00c04fd430c8' as it is not revokable"
  }
  ```
</ResponseExample>

### Common Errors

| Error Code                 | Description                               | Resolution                            |
| -------------------------- | ----------------------------------------- | ------------------------------------- |
| `ErrorCartNotFound`        | Cart does not exist                       | Verify cart ID and domain             |
| `ErrorInvalidInputBody`    | Invalid request format                    | Check request body structure          |
| `ErrorConsentNotFound`     | One or more consent IDs not found         | Verify consent IDs with Get Consents  |
| `ErrorConsentNotRevokable` | Attempted to revoke non-revokable consent | Check consent revokable status        |
| `ErrorStoreUnavailable`    | Store service unavailable                 | Retry request                         |
| `MissingAuthHeader`        | Missing authorization header              | Include x-firmly-authorization header |