FR EN

Issue a consent request

A check only ever returns allow once a person has actually granted the cell. This guide obtains that grant. You issue a signed consent request, Agreely emails the recipient a secure deep link, and their approval produces a receipt and activates the cell.

You need an issue-scoped key and a verified company domain (the request is signed by your company DID, which only resolves once your domain is verified).

Issue the request

items are catalog entry ids and/or raw {category, purpose} pairs, resolved server-side to your declared active catalog entries. The offer is signed on the backend (your signing key never leaves it) and the email is sent after commit.

const r = await agreely.consentRequests.create({
  customerId: "cust_8812",
  recipientEmail: "[email protected]",
  // catalog entry ids AND/OR raw {category, purpose} pairs:
  items: ["<catalogEntryId>", { category: "Email address", purpose: "Newsletter" }],
  validUntil: "2031-01-01",
}, { idempotencyKey: "order-4471" });

console.log(r.requestId); // 0x... 64 hex, the public handle console.log(r.deepLink); // the recipient's secure approval link console.log(r.emailDelivered);

$r = $agreely->consentRequests()->create([
    'customerId'     => 'cust_8812',
    'recipientEmail' => '[email protected]',
    'items'          => ['<catalogEntryId>', ['category' => 'Email address', 'purpose' => 'Newsletter']],
    'validUntil'     => '2031-01-01',
], ['idempotencyKey' => 'order-4471']);

echo $r->requestId; // 0x... 64 hex echo $r->deepLink; // the recipient's secure approval link var_dump($r->emailDelivered);

agreely request create \
  --customer cust_8812 --to [email protected] \
  --item "Email address:Newsletter" --item <catalogEntryId> \
  --valid-until 2031-01-01 --idempotency-key order-4471 --json
# -> {"requestId":"0x...","status":"pending","deepLink":"...","emailDelivered":true,"items":[...]}
curl -sS https://api.agreely.ca/v1/consent-requests \
  -H "Authorization: Bearer $AGREELY_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: order-4471" \
  -d '{
    "customerId": "cust_8812",
    "recipientEmail": "[email protected]",
    "items": ["<catalogEntryId>", {"category":"Email address","purpose":"Newsletter"}],
    "validUntil": "2031-01-01"
  }'

The response is the IssuedRequest: requestId (the 0x-hex protocol handle), status: "pending", the deepLink, emailDelivered, and the item labels.

create is never auto-retried

Because issuance sends an email, the SDK never auto-retries it. It attaches a unique Idempotency-Key per call; pass your own (as above) so that a retry replays the original 201 instead of issuing twice. A replay returns the same request with no double-issue and no double-email.

Optional fields

Beyond customerId, recipientEmail, items, and validUntil (past that date the offer expires), a request accepts two optional inputs:

  • the recipient language (French or English), so the offer is presented in their language;
  • the minor fields (article 4.1): an "is a minor" flag, parental consent, and by whom it is given.

The interactive /v1 reference gives the exact field names and their constraints.

Track the request

const page = await agreely.consentRequests.list({ status: "pending" });
const one  = await agreely.consentRequests.get(r.requestId); // by the 0x handle

A request is pending until the recipient answers. If they do not answer within the 30-day window it lazily flips to expired. On approval it becomes approved, the cell's enforcement record goes active, and the very next check for that cell returns allow. A settled request is one of pending, approved, refused, expired, or revoked_before_action.

To wait for settlement instead of polling by hand, use waitForSettlement (or agreely request wait on the CLI). It polls get until the request settles, then returns the final record.

const settled = await agreely.consentRequests.waitForSettlement(r.requestId, {
  intervalMs: 2000,   // default
  timeoutMs: 120000,  // default; a client-side timeout throws AgreelyTimeoutError, not an outage
});

What the recipient does

The deep link opens the approval flow. A first-time recipient creates a citizen DID and a passkey; a returning one signs in. They review the exact (category, purpose) cells and approve with their passkey. That passkey assertion plus your company signature become the two proofs in the receipt.

Next