Step 5: Consent Creation
Once you have:
- ✅ Generated the Access Token (Step 3)
- ✅ Prepared the Consent Request Payload (Step 4)
You are now ready to create a Consent Request.
Endpoint
Method: POST
URL: /api/cm/v1/df/consent-requests
Environment Base URLs
Staging: https://staging.indiaconsent.com/api/cm/v1/df/consent-requests
Production: https://www.indiaconsent.com/api/cm/v1/df/consent-requests
Request Headers
| Header | Value |
|---|---|
| Content-Type | application/json |
| Authorization | Bearer <accessToken> |
Sample Request
POST /api/cm/v1/df/consent-requests
Authorization: Bearer <accessToken>
Content-Type: application/json
{
"version": "1.0",
"requestId": "3c14b629-ae66-48f1-b5d7-cafc2078c1a4",
"fiduciary": {
"fidId": "c8ab306d-0a53-4af1-9f3c-c4662df39500"
},
"dataPrincipal": {
"dpHash": "68fb2ced2daaf430ebd5c9eb"
},
"service": {
"id": "shopping.order.fulfilment",
"name": "Online Shopping & Order Fulfilment"
},
"content": {
"defaultLanguage": "en",
"company": {
"companyName": "AlignMyCareer",
"logo": "https://www.alignmycareer.com/app/favicon.ico",
"privacyPolicyUrl": "https://www.alignmycareer.com/privacy-policy",
"termsOfServiceUrl": "https://www.alignmycareer.com/terms",
"contactEmail": "contact@alignmycareer.com",
"grievanceOfficer": {
"name": "Charanjeet",
"email": "charanjeet@alignmycareer.com"
}
},
"languages": [{
"lang": "en",
"label": "English",
"purposes": [{
"purposeId": "order.placement",
"purposeText": "Order Placement & Fulfilment",
"description": "To place, process, ship, and deliver your orders purchased on our platform",
"dataCategories": [{
"id": "contact.fullname",
"label": "Full Name"
}, {
"id": "contact.email",
"label": "Email Address"
}, {
"id": "contact.address",
"label": "Shipping Address"
}
],
"retention": {
"duration": 1,
"unit": "year"
}
}, {
"purposeId": "payment.processing",
"purposeText": "Payment Processing & Refunds",
"description": "To process payments, refunds, charges, and transaction confirmations.",
"dataCategories": [{
"id": "payment.method",
"label": "Payment Method"
}, {
"id": "payment.status",
"label": "Payment Status"
}
],
"retention": {
"duration": 1,
"unit": "year"
}
}
]
}, {
"lang": "hi",
"label": "हिंदी",
"purposes": [{
"purposeId": "order.placement",
"purposeText": "ऑर्डर प्लेसमेंट और पूर्ति",
"description": "हमारे प्लेटफॉर्म पर खरीदे गए आपके ऑर्डर को प्लेस करने, प्रोसेस करने, शिप करने और डिलीवर करने के लिए।",
"dataCategories": [{
"id": "contact.fullname",
"label": "पूरा नाम"
}, {
"id": "contact.email",
"label": "मेल पता"
}, {
"id": "contact.address",
"label": "शिपिंग पता"
}
],
"retention": {
"duration": 1,
"unit": "year"
}
}, {
"purposeId": "payment.processing",
"purposeText": "भुगतान प्रसंस्करण और रिफंड",
"description": "पेमेंट, रिफंड, चार्जबैक और ट्रांज़ैक्शन कन्फर्मेशन को प्रोसेस करने के लिए।",
"dataCategories": [{
"id": "payment.method",
"label": "भुगतान विधि"
}, {
"id": "payment.status",
"label": "भुगतान की स्थिति"
}
],
"retention": {
"duration": 1,
"unit": "year"
}
}
]
}, {
"lang": "ta",
"label": "தமிழ்",
"purposes": [{
"purposeId": "order.placement",
"purposeText": "ஆர்டர் செய்தல் மற்றும் நிறைவேற்றுதல்",
"description": "எங்கள் தளத்தில் நீங்கள் வாங்கிய ஆர்டர்களைப் பதிவு செய்யவும், செயலாக்கவும், அனுப்பவும் மற்றும் டெலிவரி செய்யவும்.",
"dataCategories": [{
"id": "contact.fullname",
"label": "முழு பெயர்"
}, {
"id": "contact.email",
"label": "மின்னஞ்சல் முகவரி"
}, {
"id": "contact.address",
"label": "கப்பல் முகவரி"
}
],
"retention": {
"duration": 1,
"unit": "year"
}
}, {
"purposeId": "payment.processing",
"purposeText": "பணம் செலுத்துதல் செயலாக்கம் & பணத்தைத் திரும்பப் பெறுதல்",
"description": "பணம் செலுத்துதல், பணத்தைத் திரும்பப் பெறுதல், கட்டணம் வசூலித்தல் மற்றும் பரிவர்த்தனை உறுதிப்படுத்தல்களைச் செயல்படுத்த.",
"dataCategories": [{
"id": "payment.method",
"label": "பணம் செலுத்தும் முறை"
}, {
"id": "payment.status",
"label": "பணம் செலுத்தும் நிலை"
}
],
"retention": {
"duration": 1,
"unit": "year"
}
}
]
}
]
},
"supersedesPrevious": true
}
Sample Code
- Java
- Springboot
- Python
- NodeJS
- Curl
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
public class ConsentCreation {
private static final String CONSENT_MGR_URL = "https://staging.indiaconsent.com";
public static void main(String[] args) throws Exception {
String token = "<TOKEN>"; // Replace with actual token from step 3
String payload = "<PAYLOAD>"; // Replace with actual payload from step 4
HttpRequest consentRequest = HttpRequest.newBuilder()
.uri(URI.create(CONSENT_MGR_URL + "/api/cm/v1/df/consent-requests"))
.POST(HttpRequest.BodyPublishers.ofString(payload))
.header("Authorization", "Bearer " + token)
.header("Content-Type", "application/json")
.timeout(Duration.ofSeconds(15))
.build();
HttpClient httpClient = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(10))
.build();
HttpResponse<String> consentResponse = httpClient.send(
consentRequest,
HttpResponse.BodyHandlers.ofString()
);
if (consentResponse.statusCode() != 200
&& consentResponse.statusCode() != 201) {
throw new RuntimeException("Consent API failed: " + consentResponse.body());
}
String redirectUrl = extractJsonValue(
consentResponse.body(),
"redirectUrl"
);
if (redirectUrl == null) {
throw new RuntimeException("redirectUrl not found in response");
}
System.out.println("Redirect URL: " + redirectUrl);
}
/**
* Simple JSON key extractor without external libraries.
* Works for flat JSON responses like:
* { "token": "abc123" }
*/
private static String extractJsonValue(String json, String key) {
String pattern = """ + key + "":";
int index = json.indexOf(pattern);
if (index == -1) return null;
int start = json.indexOf(""", index + pattern.length()) + 1;
int end = json.indexOf(""", start);
if (start == 0 || end == -1) return null;
return json.substring(start, end);
}
}
import org.springframework.http.*;
import org.springframework.web.client.RestTemplate;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
public class ConsentRequestClient {
private static final String CONSENT_MGR_URL = "https://staging.indiaconsent.com";
private static final ObjectMapper MAPPER = new ObjectMapper();
public static void main(String[] args) throws Exception {
String accessToken = "<TOKEN>"; // Replace with actual token from step 3
// ---------- Prepare Consent Request ----------
HttpHeaders apiHeaders = new HttpHeaders();
apiHeaders.setContentType(MediaType.APPLICATION_JSON);
apiHeaders.setBearerAuth(accessToken);
String jsonPayload = "<PAYLOAD>"; // Replace with actual payload from step 4
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<String> response = restTemplate.exchange(
CONSENT_MGR_URL + "/api/cm/v1/df/consent-requests",
HttpMethod.POST,
new HttpEntity<>(jsonPayload, apiHeaders),
String.class);
if (!response.getStatusCode().is2xxSuccessful()) {
throw new RuntimeException("Consent request failed: " + response.getBody());
}
JsonNode responseJson = MAPPER.readTree(response.getBody());
String redirectUrl = responseJson.path("redirectUrl").asText(null);
if (redirectUrl == null) {
throw new RuntimeException("redirectUrl not found in response");
}
System.out.println("Redirect user to: " + redirectUrl);
}
}
import requests
CONSENT_MGR_URL = "https://staging.indiaconsent.com"
access_token = "<TOKEN>"; # Replace with actual token from step 3
payload = "<PAYLOAD>"; # Replace with actual payload from step 4
api_headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
response = requests.post(
f"{CONSENT_MGR_URL}/api/cm/v1/df/consent-requests",
headers=api_headers,
json=payload
)
response.raise_for_status()
redirect_url = response.json().get("redirectUrl")
print("Redirect URL:", redirect_url)
const axios = require("axios");
async function createConsent() {
const CONSENT_MGR_URL = "https://staging.indiaconsent.com";
const accessToken = "<TOKEN>"; // Replace with actual token from step 3
const payload = "<PAYLOAD>"; // Replace with actual payload from step 4
const response = await axios.post(
`${CONSENT_MGR_URL}/api/cm/v1/df/consent-requests`,
payload,
{
headers: {
Authorization: `Bearer ${accessToken}`,
"Content-Type": "application/json"
}
}
);
console.log("Redirect URL:", response.data.redirectUrl);
}
createConsent();
curl -X POST https://staging.indiaconsent.com/api/cm/v1/df/consent-requests -H "Authorization: Bearer ACCESS_TOKEN" -H "Content-Type: application/json" -d @consent.json
Sample Response
The API will generate a new Consent Request and return a response containing multiple attributes.
{
"crId": "0d2f6211-17f3-4e99-aec0-d6a0d404cfcd",
"createdAt": "2026-04-06T11:36:26.131734Z",
"dpHash": "68fb2ced2daaf430ebd5c9eb",
"fidId": "c8ab306d-0a53-4af1-9f3c-c4662df39500",
"redirectUrl": "https://staging.indiaconsent.com/consent?cr_id=0d2f6211-17f3-4e99-aec0-d6a0d404cfcd",
"requestId": "3c14b629-ae66-48f1-b5d7-cafc2078c1a4",
"serviceId": "shopping.order.fulfilment",
"status": "pending"
}
Important Response Attributes
| Attribute | Description |
|---|---|
| crId | Unique identifier of the Consent Request |
| requestId | Request Reference ID |
| fidId | Data Fiduciary identifier |
| dpHash | Hash representing the Data Principal context |
| status | Current state of consent request |
| serviceId | Service ID of the consent |
| redirectUrl | URL to display the consent notice to the user |
🚀 Most Important Field: redirectUrl
The redirectUrl is the key output of this step.
This URL must be used by the Data Fiduciary’s UI to display the Consent Notice to the user.
What Happens Next?
-
In Step 6, you will extract the
redirectUrlfrom this response. -
In Step 7, your application will open this URL to allow the user to Grant or Revoke consent.